2387745 – (CVE-2025-55159) CVE-2025-55159 slab: Slab: Out-of-bounds Memory Access Vulnerability

Bug 2387745 (CVE-2025-55159) - CVE-2025-55159 slab: Slab: Out-of-bounds Memory Access Vulnerability

Summary: CVE-2025-55159 slab: Slab: Out-of-bounds Memory Access Vulnerability

Keywords:
Status:	NEW
Alias:	CVE-2025-55159
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2387839 2387841 2387833 2387834 2387835 2387836 2387837 2387838 2387840
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-12 00:01 UTC by OSIDB Bzimport
Modified:	2025-09-01 08:28 UTC (History)
CC List:	41 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-08-12 00:01:17 UTC

slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue involves to avoid using get_disjoint_mut with indices that might be beyond the slab's actual length.

Note You need to log in before you can comment on or make changes to this bug.

anthomas
bkabrda
brasmith
cochase
dbosanac
dhanak
dranck
drosa
dsimansk
ehelms
ggainey
gotiwari
jcantril
jgrulich
jhorak
jreimann
juwatts
jwendell
kingland
kverlaen
lball
matzew
mdessi
mhulan
mnovotny
mrizzi
mvyas
ngough
nmoumoul
osousa
pcattana
pcreech
rcernich
rchan
rojacob
sausingh
sdawley
smallamp
tmalecek
tpopela
veshanka