Wind River Support Network

HomeDefectsLIN1021-14627
Fixed

LIN1021-14627 : Security Advisory - corosync - CVE-2025-30472

Created: Mar 23, 2025    Updated: May 21, 2025
Resolved Date: May 21, 2025
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CREATE(Triage):(User=admin) CVE-2025-30472 (https://nvd.nist.gov/vuln/detail/CVE-2025-30472)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube