Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0670
Vulnerability from certfr_avis - Published: 2025-08-08 - Updated: 2025-08-08
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 25.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-37850",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37850"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2025-37892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37892"
},
{
"name": "CVE-2025-37859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37859"
},
{
"name": "CVE-2025-37792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37792"
},
{
"name": "CVE-2025-22027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22027"
},
{
"name": "CVE-2025-37766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37766"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-37844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37844"
},
{
"name": "CVE-2025-37871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37871"
},
{
"name": "CVE-2024-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46751"
},
{
"name": "CVE-2025-37790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37790"
},
{
"name": "CVE-2025-37758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37758"
},
{
"name": "CVE-2024-46787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
},
{
"name": "CVE-2022-49168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49168"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2025-37841",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37841"
},
{
"name": "CVE-2025-37770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37770"
},
{
"name": "CVE-2025-37773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37773"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2025-37983",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37983"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2025-37819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37819"
},
{
"name": "CVE-2024-35867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35867"
},
{
"name": "CVE-2025-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
},
{
"name": "CVE-2025-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38023"
},
{
"name": "CVE-2025-37789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37789"
},
{
"name": "CVE-2024-46816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46816"
},
{
"name": "CVE-2025-37867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37867"
},
{
"name": "CVE-2025-37857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37857"
},
{
"name": "CVE-2025-37927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37927"
},
{
"name": "CVE-2025-37911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37911"
},
{
"name": "CVE-2024-26686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26686"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2025-37930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37930"
},
{
"name": "CVE-2025-37810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37810"
},
{
"name": "CVE-2025-23159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23159"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2025-37741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37741"
},
{
"name": "CVE-2025-37912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37912"
},
{
"name": "CVE-2025-37985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37985"
},
{
"name": "CVE-2025-37787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37787"
},
{
"name": "CVE-2025-38024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
},
{
"name": "CVE-2022-49063",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49063"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2025-38005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38005"
},
{
"name": "CVE-2022-49535",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49535"
},
{
"name": "CVE-2025-23158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23158"
},
{
"name": "CVE-2025-23144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23144"
},
{
"name": "CVE-2025-37969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37969"
},
{
"name": "CVE-2022-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48893"
},
{
"name": "CVE-2025-37742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37742"
},
{
"name": "CVE-2025-37765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37765"
},
{
"name": "CVE-2025-23161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23161"
},
{
"name": "CVE-2025-37803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37803"
},
{
"name": "CVE-2025-37824",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37824"
},
{
"name": "CVE-2025-37923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37923"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2025-22062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22062"
},
{
"name": "CVE-2025-37739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37739"
},
{
"name": "CVE-2025-37940",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37940"
},
{
"name": "CVE-2025-37964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37964"
},
{
"name": "CVE-2024-46742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46742"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2025-37915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37915"
},
{
"name": "CVE-2025-23146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23146"
},
{
"name": "CVE-2025-23142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23142"
},
{
"name": "CVE-2024-35790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
},
{
"name": "CVE-2025-37738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
},
{
"name": "CVE-2025-37830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37830"
},
{
"name": "CVE-2025-37991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37991"
},
{
"name": "CVE-2023-52572",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52572"
},
{
"name": "CVE-2025-37781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37781"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-23145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23145"
},
{
"name": "CVE-2025-37823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37823"
},
{
"name": "CVE-2024-27402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27402"
},
{
"name": "CVE-2025-37740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37740"
},
{
"name": "CVE-2025-37829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37829"
},
{
"name": "CVE-2025-23151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23151"
},
{
"name": "CVE-2025-37796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37796"
},
{
"name": "CVE-2025-37883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37883"
},
{
"name": "CVE-2025-37811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37811"
},
{
"name": "CVE-2025-37767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37767"
},
{
"name": "CVE-2025-37989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37989"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2025-37768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37768"
},
{
"name": "CVE-2025-37970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37970"
},
{
"name": "CVE-2025-37905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37905"
},
{
"name": "CVE-2025-38094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38094"
},
{
"name": "CVE-2025-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37967"
},
{
"name": "CVE-2025-37885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37885"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2025-37949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37949"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2024-46774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46774"
},
{
"name": "CVE-2025-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2025-37840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37840"
},
{
"name": "CVE-2024-26739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26739"
},
{
"name": "CVE-2024-35866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35866"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-36908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36908"
},
{
"name": "CVE-2025-37982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37982"
},
{
"name": "CVE-2025-37992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37992"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-37914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37914"
},
{
"name": "CVE-2025-37794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37794"
},
{
"name": "CVE-2025-37836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37836"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2025-37771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37771"
},
{
"name": "CVE-2025-37998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37998"
},
{
"name": "CVE-2025-23163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23163"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2025-37757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37757"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2025-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38009"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2025-37817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37817"
},
{
"name": "CVE-2025-37838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37838"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2024-38541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
},
{
"name": "CVE-2025-37756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
},
{
"name": "CVE-2023-52885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52885"
},
{
"name": "CVE-2025-37994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37994"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2025-37858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37858"
},
{
"name": "CVE-2025-37780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37780"
},
{
"name": "CVE-2025-37995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37995"
},
{
"name": "CVE-2025-23156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23156"
},
{
"name": "CVE-2025-23157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23157"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2025-37808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37808"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-37805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37805"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2025-37990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37990"
},
{
"name": "CVE-2025-37862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37862"
},
{
"name": "CVE-2025-37839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37839"
},
{
"name": "CVE-2025-37913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37913"
},
{
"name": "CVE-2024-35943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35943"
},
{
"name": "CVE-2023-52757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52757"
},
{
"name": "CVE-2025-37851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37851"
},
{
"name": "CVE-2023-52975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52975"
},
{
"name": "CVE-2025-37788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37788"
},
{
"name": "CVE-2025-37881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37881"
},
{
"name": "CVE-2025-37909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37909"
},
{
"name": "CVE-2025-37812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37812"
},
{
"name": "CVE-2025-37875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37875"
},
{
"name": "CVE-2022-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21546"
},
{
"name": "CVE-2025-23140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23140"
},
{
"name": "CVE-2025-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
},
{
"name": "CVE-2025-23148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23148"
},
{
"name": "CVE-2025-23147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23147"
}
],
"initial_release_date": "2025-08-08T00:00:00",
"last_revision_date": "2025-08-08T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0670",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7683-1",
"url": "https://ubuntu.com/security/notices/USN-7683-1"
},
{
"published_at": "2025-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7684-2",
"url": "https://ubuntu.com/security/notices/USN-7684-2"
},
{
"published_at": "2025-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7682-2",
"url": "https://ubuntu.com/security/notices/USN-7682-2"
},
{
"published_at": "2025-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7681-2",
"url": "https://ubuntu.com/security/notices/USN-7681-2"
},
{
"published_at": "2025-08-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7686-1",
"url": "https://ubuntu.com/security/notices/USN-7686-1"
},
{
"published_at": "2025-08-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7685-3",
"url": "https://ubuntu.com/security/notices/USN-7685-3"
},
{
"published_at": "2025-08-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7685-2",
"url": "https://ubuntu.com/security/notices/USN-7685-2"
},
{
"published_at": "2025-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7682-3",
"url": "https://ubuntu.com/security/notices/USN-7682-3"
},
{
"published_at": "2025-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7683-2",
"url": "https://ubuntu.com/security/notices/USN-7683-2"
},
{
"published_at": "2025-08-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7685-1",
"url": "https://ubuntu.com/security/notices/USN-7685-1"
},
{
"published_at": "2025-08-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7685-4",
"url": "https://ubuntu.com/security/notices/USN-7685-4"
},
{
"published_at": "2025-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7684-3",
"url": "https://ubuntu.com/security/notices/USN-7684-3"
},
{
"published_at": "2025-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7683-3",
"url": "https://ubuntu.com/security/notices/USN-7683-3"
},
{
"published_at": "2025-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7684-1",
"url": "https://ubuntu.com/security/notices/USN-7684-1"
},
{
"published_at": "2025-08-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7671-3",
"url": "https://ubuntu.com/security/notices/USN-7671-3"
},
{
"published_at": "2025-08-01",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7682-4",
"url": "https://ubuntu.com/security/notices/USN-7682-4"
}
]
}
CVE-2025-37892 (GCVE-0-2025-37892)
Vulnerability from cvelistv5 – Published: 2025-05-20 11:00 – Updated: 2026-05-11 21:17
VLAI
EPSS
Title
mtd: inftlcore: Add error check for inftl_read_oob()
Summary
In the Linux kernel, the following vulnerability has been resolved:
mtd: inftlcore: Add error check for inftl_read_oob()
In INFTL_findwriteunit(), the return value of inftl_read_oob()
need to be checked. A proper implementation can be
found in INFTL_deleteblock(). The status will be set as
SECTOR_IGNORE to break from the while-loop correctly
if the inftl_read_oob() fails.
Severity
No CVSS data available.
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/b828d394308e8e00d… | |
| https://git.kernel.org/stable/c/0300e751170cf80c0… | |
| https://git.kernel.org/stable/c/e7d6ceff95c55297f… | |
| https://git.kernel.org/stable/c/6af3b92b1c0b58ca2… | |
| https://git.kernel.org/stable/c/7772621041ee78823… | |
| https://git.kernel.org/stable/c/5479a6af3c96f73be… | |
| https://git.kernel.org/stable/c/1c22356dfb041e529… | |
| https://git.kernel.org/stable/c/114d94f095aa405fa… | |
| https://git.kernel.org/stable/c/d027951dc85cb2e15… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8593fbc68b0df1168995de76d1af38eb62fd6b62 , < b828d394308e8e00df0a6f57e7dabae609bb8b7b
(git)
Affected: 8593fbc68b0df1168995de76d1af38eb62fd6b62 , < 0300e751170cf80c05ca1a762a7b449e8ca6b693 (git) Affected: 8593fbc68b0df1168995de76d1af38eb62fd6b62 , < e7d6ceff95c55297f0ee8f9dbc4da5c558f30e9e (git) Affected: 8593fbc68b0df1168995de76d1af38eb62fd6b62 , < 6af3b92b1c0b58ca281d0e1501bad2567f73c1a5 (git) Affected: 8593fbc68b0df1168995de76d1af38eb62fd6b62 , < 7772621041ee78823ccc5f1fe38f6faa22af7023 (git) Affected: 8593fbc68b0df1168995de76d1af38eb62fd6b62 , < 5479a6af3c96f73bec2d2819532b6d6814f52dd6 (git) Affected: 8593fbc68b0df1168995de76d1af38eb62fd6b62 , < 1c22356dfb041e5292835c9ff44d5f91bef8dd18 (git) Affected: 8593fbc68b0df1168995de76d1af38eb62fd6b62 , < 114d94f095aa405fa9a51484c4be34846d7bb386 (git) Affected: 8593fbc68b0df1168995de76d1af38eb62fd6b62 , < d027951dc85cb2e15924c980dc22a6754d100c7c (git) |
|
| Linux | Linux |
Affected:
2.6.18
Unaffected: 0 , < 2.6.18 (semver) Unaffected: 5.4.293 , ≤ 5.4.* (semver) Unaffected: 5.10.237 , ≤ 5.10.* (semver) Unaffected: 5.15.181 , ≤ 5.15.* (semver) Unaffected: 6.1.135 , ≤ 6.1.* (semver) Unaffected: 6.6.88 , ≤ 6.6.* (semver) Unaffected: 6.12.24 , ≤ 6.12.* (semver) Unaffected: 6.13.12 , ≤ 6.13.* (semver) Unaffected: 6.14.3 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:57:03.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mtd/inftlcore.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b828d394308e8e00df0a6f57e7dabae609bb8b7b",
"status": "affected",
"version": "8593fbc68b0df1168995de76d1af38eb62fd6b62",
"versionType": "git"
},
{
"lessThan": "0300e751170cf80c05ca1a762a7b449e8ca6b693",
"status": "affected",
"version": "8593fbc68b0df1168995de76d1af38eb62fd6b62",
"versionType": "git"
},
{
"lessThan": "e7d6ceff95c55297f0ee8f9dbc4da5c558f30e9e",
"status": "affected",
"version": "8593fbc68b0df1168995de76d1af38eb62fd6b62",
"versionType": "git"
},
{
"lessThan": "6af3b92b1c0b58ca281d0e1501bad2567f73c1a5",
"status": "affected",
"version": "8593fbc68b0df1168995de76d1af38eb62fd6b62",
"versionType": "git"
},
{
"lessThan": "7772621041ee78823ccc5f1fe38f6faa22af7023",
"status": "affected",
"version": "8593fbc68b0df1168995de76d1af38eb62fd6b62",
"versionType": "git"
},
{
"lessThan": "5479a6af3c96f73bec2d2819532b6d6814f52dd6",
"status": "affected",
"version": "8593fbc68b0df1168995de76d1af38eb62fd6b62",
"versionType": "git"
},
{
"lessThan": "1c22356dfb041e5292835c9ff44d5f91bef8dd18",
"status": "affected",
"version": "8593fbc68b0df1168995de76d1af38eb62fd6b62",
"versionType": "git"
},
{
"lessThan": "114d94f095aa405fa9a51484c4be34846d7bb386",
"status": "affected",
"version": "8593fbc68b0df1168995de76d1af38eb62fd6b62",
"versionType": "git"
},
{
"lessThan": "d027951dc85cb2e15924c980dc22a6754d100c7c",
"status": "affected",
"version": "8593fbc68b0df1168995de76d1af38eb62fd6b62",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mtd/inftlcore.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.18"
},
{
"lessThan": "2.6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.293",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.135",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.293",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.135",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.88",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.24",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.12",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.3",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "2.6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: inftlcore: Add error check for inftl_read_oob()\n\nIn INFTL_findwriteunit(), the return value of inftl_read_oob()\nneed to be checked. A proper implementation can be\nfound in INFTL_deleteblock(). The status will be set as\nSECTOR_IGNORE to break from the while-loop correctly\nif the inftl_read_oob() fails."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:17:08.832Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b828d394308e8e00df0a6f57e7dabae609bb8b7b"
},
{
"url": "https://git.kernel.org/stable/c/0300e751170cf80c05ca1a762a7b449e8ca6b693"
},
{
"url": "https://git.kernel.org/stable/c/e7d6ceff95c55297f0ee8f9dbc4da5c558f30e9e"
},
{
"url": "https://git.kernel.org/stable/c/6af3b92b1c0b58ca281d0e1501bad2567f73c1a5"
},
{
"url": "https://git.kernel.org/stable/c/7772621041ee78823ccc5f1fe38f6faa22af7023"
},
{
"url": "https://git.kernel.org/stable/c/5479a6af3c96f73bec2d2819532b6d6814f52dd6"
},
{
"url": "https://git.kernel.org/stable/c/1c22356dfb041e5292835c9ff44d5f91bef8dd18"
},
{
"url": "https://git.kernel.org/stable/c/114d94f095aa405fa9a51484c4be34846d7bb386"
},
{
"url": "https://git.kernel.org/stable/c/d027951dc85cb2e15924c980dc22a6754d100c7c"
}
],
"title": "mtd: inftlcore: Add error check for inftl_read_oob()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37892",
"datePublished": "2025-05-20T11:00:26.977Z",
"dateReserved": "2025-04-16T04:51:23.964Z",
"dateUpdated": "2026-05-11T21:17:08.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37905 (GCVE-0-2025-37905)
Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17
VLAI
EPSS
Title
firmware: arm_scmi: Balance device refcount when destroying devices
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Balance device refcount when destroying devices
Using device_find_child() to lookup the proper SCMI device to destroy
causes an unbalance in device refcount, since device_find_child() calls an
implicit get_device(): this, in turns, inhibits the call of the provided
release methods upon devices destruction.
As a consequence, one of the structures that is not freed properly upon
destruction is the internal struct device_private dev->p populated by the
drivers subsystem core.
KMemleak detects this situation since loading/unloding some SCMI driver
causes related devices to be created/destroyed without calling any
device_release method.
unreferenced object 0xffff00000f583800 (size 512):
comm "insmod", pid 227, jiffies 4294912190
hex dump (first 32 bytes):
00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
ff ff ff ff ff ff ff ff 60 36 1d 8a 00 80 ff ff ........`6......
backtrace (crc 114e2eed):
kmemleak_alloc+0xbc/0xd8
__kmalloc_cache_noprof+0x2dc/0x398
device_add+0x954/0x12d0
device_register+0x28/0x40
__scmi_device_create.part.0+0x1bc/0x380
scmi_device_create+0x2d0/0x390
scmi_create_protocol_devices+0x74/0xf8
scmi_device_request_notifier+0x1f8/0x2a8
notifier_call_chain+0x110/0x3b0
blocking_notifier_call_chain+0x70/0xb0
scmi_driver_register+0x350/0x7f0
0xffff80000a3b3038
do_one_initcall+0x12c/0x730
do_init_module+0x1dc/0x640
load_module+0x4b20/0x5b70
init_module_from_file+0xec/0x158
$ ./scripts/faddr2line ./vmlinux device_add+0x954/0x12d0
device_add+0x954/0x12d0:
kmalloc_noprof at include/linux/slab.h:901
(inlined by) kzalloc_noprof at include/linux/slab.h:1037
(inlined by) device_private_init at drivers/base/core.c:3510
(inlined by) device_add at drivers/base/core.c:3561
Balance device refcount by issuing a put_device() on devices found via
device_find_child().
Severity
No CVSS data available.
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/91ff1e9652fb9beb0… | |
| https://git.kernel.org/stable/c/ff4273d47da81b95e… | |
| https://git.kernel.org/stable/c/2fbf6c9695ad9f05e… | |
| https://git.kernel.org/stable/c/969d8beaa2e374387… | |
| https://git.kernel.org/stable/c/8a8a3547d5c4960da… | |
| https://git.kernel.org/stable/c/9ca67840c0ddf3f39… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d4f9dddd21f39395c62ea12d3d91239637d4805f , < 91ff1e9652fb9beb0174267d6bb38243dff211bb
(git)
Affected: d4f9dddd21f39395c62ea12d3d91239637d4805f , < ff4273d47da81b95ed9396110bcbd1b7b7470fe8 (git) Affected: d4f9dddd21f39395c62ea12d3d91239637d4805f , < 2fbf6c9695ad9f05e7e5c166bf43fac7cb3276b3 (git) Affected: d4f9dddd21f39395c62ea12d3d91239637d4805f , < 969d8beaa2e374387bf9aa5602ef84fc50bb48d8 (git) Affected: d4f9dddd21f39395c62ea12d3d91239637d4805f , < 8a8a3547d5c4960da053df49c75bf623827a25da (git) Affected: d4f9dddd21f39395c62ea12d3d91239637d4805f , < 9ca67840c0ddf3f39407339624cef824a4f27599 (git) |
|
| Linux | Linux |
Affected:
5.13
Unaffected: 0 , < 5.13 (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:57:09.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_scmi/bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "91ff1e9652fb9beb0174267d6bb38243dff211bb",
"status": "affected",
"version": "d4f9dddd21f39395c62ea12d3d91239637d4805f",
"versionType": "git"
},
{
"lessThan": "ff4273d47da81b95ed9396110bcbd1b7b7470fe8",
"status": "affected",
"version": "d4f9dddd21f39395c62ea12d3d91239637d4805f",
"versionType": "git"
},
{
"lessThan": "2fbf6c9695ad9f05e7e5c166bf43fac7cb3276b3",
"status": "affected",
"version": "d4f9dddd21f39395c62ea12d3d91239637d4805f",
"versionType": "git"
},
{
"lessThan": "969d8beaa2e374387bf9aa5602ef84fc50bb48d8",
"status": "affected",
"version": "d4f9dddd21f39395c62ea12d3d91239637d4805f",
"versionType": "git"
},
{
"lessThan": "8a8a3547d5c4960da053df49c75bf623827a25da",
"status": "affected",
"version": "d4f9dddd21f39395c62ea12d3d91239637d4805f",
"versionType": "git"
},
{
"lessThan": "9ca67840c0ddf3f39407339624cef824a4f27599",
"status": "affected",
"version": "d4f9dddd21f39395c62ea12d3d91239637d4805f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_scmi/bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.138",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.90",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.28",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.6",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Balance device refcount when destroying devices\n\nUsing device_find_child() to lookup the proper SCMI device to destroy\ncauses an unbalance in device refcount, since device_find_child() calls an\nimplicit get_device(): this, in turns, inhibits the call of the provided\nrelease methods upon devices destruction.\n\nAs a consequence, one of the structures that is not freed properly upon\ndestruction is the internal struct device_private dev-\u003ep populated by the\ndrivers subsystem core.\n\nKMemleak detects this situation since loading/unloding some SCMI driver\ncauses related devices to be created/destroyed without calling any\ndevice_release method.\n\nunreferenced object 0xffff00000f583800 (size 512):\n comm \"insmod\", pid 227, jiffies 4294912190\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 60 36 1d 8a 00 80 ff ff ........`6......\n backtrace (crc 114e2eed):\n kmemleak_alloc+0xbc/0xd8\n __kmalloc_cache_noprof+0x2dc/0x398\n device_add+0x954/0x12d0\n device_register+0x28/0x40\n __scmi_device_create.part.0+0x1bc/0x380\n scmi_device_create+0x2d0/0x390\n scmi_create_protocol_devices+0x74/0xf8\n scmi_device_request_notifier+0x1f8/0x2a8\n notifier_call_chain+0x110/0x3b0\n blocking_notifier_call_chain+0x70/0xb0\n scmi_driver_register+0x350/0x7f0\n 0xffff80000a3b3038\n do_one_initcall+0x12c/0x730\n do_init_module+0x1dc/0x640\n load_module+0x4b20/0x5b70\n init_module_from_file+0xec/0x158\n\n$ ./scripts/faddr2line ./vmlinux device_add+0x954/0x12d0\ndevice_add+0x954/0x12d0:\nkmalloc_noprof at include/linux/slab.h:901\n(inlined by) kzalloc_noprof at include/linux/slab.h:1037\n(inlined by) device_private_init at drivers/base/core.c:3510\n(inlined by) device_add at drivers/base/core.c:3561\n\nBalance device refcount by issuing a put_device() on devices found via\ndevice_find_child()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:17:22.704Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/91ff1e9652fb9beb0174267d6bb38243dff211bb"
},
{
"url": "https://git.kernel.org/stable/c/ff4273d47da81b95ed9396110bcbd1b7b7470fe8"
},
{
"url": "https://git.kernel.org/stable/c/2fbf6c9695ad9f05e7e5c166bf43fac7cb3276b3"
},
{
"url": "https://git.kernel.org/stable/c/969d8beaa2e374387bf9aa5602ef84fc50bb48d8"
},
{
"url": "https://git.kernel.org/stable/c/8a8a3547d5c4960da053df49c75bf623827a25da"
},
{
"url": "https://git.kernel.org/stable/c/9ca67840c0ddf3f39407339624cef824a4f27599"
}
],
"title": "firmware: arm_scmi: Balance device refcount when destroying devices",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37905",
"datePublished": "2025-05-20T15:21:38.890Z",
"dateReserved": "2025-04-16T04:51:23.966Z",
"dateUpdated": "2026-05-11T21:17:22.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37909 (GCVE-0-2025-37909)
Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17
VLAI
EPSS
Title
net: lan743x: Fix memleak issue when GSO enabled
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: lan743x: Fix memleak issue when GSO enabled
Always map the `skb` to the LS descriptor. Previously skb was
mapped to EXT descriptor when the number of fragments is zero with
GSO enabled. Mapping the skb to EXT descriptor prevents it from
being freed, leading to a memory leak
Severity
No CVSS data available.
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/093855ce90177488e… | |
| https://git.kernel.org/stable/c/6c65ee5ad632eb8dc… | |
| https://git.kernel.org/stable/c/df993daa4c968b4b2… | |
| https://git.kernel.org/stable/c/a0e0efbabbbe6a185… | |
| https://git.kernel.org/stable/c/dae1ce27ceaea7e15… | |
| https://git.kernel.org/stable/c/189b05f189cac9fd2… | |
| https://git.kernel.org/stable/c/f42c18e2f14c1b1fd… | |
| https://git.kernel.org/stable/c/2d52e2e38b85c8b7b… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
23f0703c125be490f70501b6b24ed5645775c56a , < 093855ce90177488eac772de4eefbb909033ce5f
(git)
Affected: 23f0703c125be490f70501b6b24ed5645775c56a , < 6c65ee5ad632eb8dcd3a91cf5dc99b22535f44d9 (git) Affected: 23f0703c125be490f70501b6b24ed5645775c56a , < df993daa4c968b4b23078eacc248f6502ede8664 (git) Affected: 23f0703c125be490f70501b6b24ed5645775c56a , < a0e0efbabbbe6a1859bc31bf65237ce91e124b9b (git) Affected: 23f0703c125be490f70501b6b24ed5645775c56a , < dae1ce27ceaea7e1522025b15252e3cc52802622 (git) Affected: 23f0703c125be490f70501b6b24ed5645775c56a , < 189b05f189cac9fd233ef04d31cb5078c4d09c39 (git) Affected: 23f0703c125be490f70501b6b24ed5645775c56a , < f42c18e2f14c1b1fdd2a5250069a84bc854c398c (git) Affected: 23f0703c125be490f70501b6b24ed5645775c56a , < 2d52e2e38b85c8b7bc00dca55c2499f46f8c8198 (git) |
|
| Linux | Linux |
Affected:
4.17
Unaffected: 0 , < 4.17 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:57:10.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/microchip/lan743x_main.c",
"drivers/net/ethernet/microchip/lan743x_main.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "093855ce90177488eac772de4eefbb909033ce5f",
"status": "affected",
"version": "23f0703c125be490f70501b6b24ed5645775c56a",
"versionType": "git"
},
{
"lessThan": "6c65ee5ad632eb8dcd3a91cf5dc99b22535f44d9",
"status": "affected",
"version": "23f0703c125be490f70501b6b24ed5645775c56a",
"versionType": "git"
},
{
"lessThan": "df993daa4c968b4b23078eacc248f6502ede8664",
"status": "affected",
"version": "23f0703c125be490f70501b6b24ed5645775c56a",
"versionType": "git"
},
{
"lessThan": "a0e0efbabbbe6a1859bc31bf65237ce91e124b9b",
"status": "affected",
"version": "23f0703c125be490f70501b6b24ed5645775c56a",
"versionType": "git"
},
{
"lessThan": "dae1ce27ceaea7e1522025b15252e3cc52802622",
"status": "affected",
"version": "23f0703c125be490f70501b6b24ed5645775c56a",
"versionType": "git"
},
{
"lessThan": "189b05f189cac9fd233ef04d31cb5078c4d09c39",
"status": "affected",
"version": "23f0703c125be490f70501b6b24ed5645775c56a",
"versionType": "git"
},
{
"lessThan": "f42c18e2f14c1b1fdd2a5250069a84bc854c398c",
"status": "affected",
"version": "23f0703c125be490f70501b6b24ed5645775c56a",
"versionType": "git"
},
{
"lessThan": "2d52e2e38b85c8b7bc00dca55c2499f46f8c8198",
"status": "affected",
"version": "23f0703c125be490f70501b6b24ed5645775c56a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/microchip/lan743x_main.c",
"drivers/net/ethernet/microchip/lan743x_main.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.138",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.90",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.28",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.6",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan743x: Fix memleak issue when GSO enabled\n\nAlways map the `skb` to the LS descriptor. Previously skb was\nmapped to EXT descriptor when the number of fragments is zero with\nGSO enabled. Mapping the skb to EXT descriptor prevents it from\nbeing freed, leading to a memory leak"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:17:27.234Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/093855ce90177488eac772de4eefbb909033ce5f"
},
{
"url": "https://git.kernel.org/stable/c/6c65ee5ad632eb8dcd3a91cf5dc99b22535f44d9"
},
{
"url": "https://git.kernel.org/stable/c/df993daa4c968b4b23078eacc248f6502ede8664"
},
{
"url": "https://git.kernel.org/stable/c/a0e0efbabbbe6a1859bc31bf65237ce91e124b9b"
},
{
"url": "https://git.kernel.org/stable/c/dae1ce27ceaea7e1522025b15252e3cc52802622"
},
{
"url": "https://git.kernel.org/stable/c/189b05f189cac9fd233ef04d31cb5078c4d09c39"
},
{
"url": "https://git.kernel.org/stable/c/f42c18e2f14c1b1fdd2a5250069a84bc854c398c"
},
{
"url": "https://git.kernel.org/stable/c/2d52e2e38b85c8b7bc00dca55c2499f46f8c8198"
}
],
"title": "net: lan743x: Fix memleak issue when GSO enabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37909",
"datePublished": "2025-05-20T15:21:41.804Z",
"dateReserved": "2025-04-16T04:51:23.967Z",
"dateUpdated": "2026-05-11T21:17:27.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37911 (GCVE-0-2025-37911)
Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-23 15:58
VLAI
EPSS
Title
bnxt_en: Fix out-of-bound memcpy() during ethtool -w
Summary
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix out-of-bound memcpy() during ethtool -w
When retrieving the FW coredump using ethtool, it can sometimes cause
memory corruption:
BUG: KFENCE: memory corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en]
Corrupted memory at 0x000000008f0f30e8 [ ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ] (in kfence-#45):
__bnxt_get_coredump+0x3ef/0x670 [bnxt_en]
ethtool_get_dump_data+0xdc/0x1a0
__dev_ethtool+0xa1e/0x1af0
dev_ethtool+0xa8/0x170
dev_ioctl+0x1b5/0x580
sock_do_ioctl+0xab/0xf0
sock_ioctl+0x1ce/0x2e0
__x64_sys_ioctl+0x87/0xc0
do_syscall_64+0x5c/0xf0
entry_SYSCALL_64_after_hwframe+0x78/0x80
...
This happens when copying the coredump segment list in
bnxt_hwrm_dbg_dma_data() with the HWRM_DBG_COREDUMP_LIST FW command.
The info->dest_buf buffer is allocated based on the number of coredump
segments returned by the FW. The segment list is then DMA'ed by
the FW and the length of the DMA is returned by FW. The driver then
copies this DMA'ed segment list to info->dest_buf.
In some cases, this DMA length may exceed the info->dest_buf length
and cause the above BUG condition. Fix it by capping the copy
length to not exceed the length of info->dest_buf. The extra
DMA data contains no useful information.
This code path is shared for the HWRM_DBG_COREDUMP_LIST and the
HWRM_DBG_COREDUMP_RETRIEVE FW commands. The buffering is different
for these 2 FW commands. To simplify the logic, we need to move
the line to adjust the buffer length for HWRM_DBG_COREDUMP_RETRIEVE
up, so that the new check to cap the copy length will work for both
commands.
Severity
No CVSS data available.
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/69b10dd23ab826d0c… | |
| https://git.kernel.org/stable/c/43292b83424158fa6… | |
| https://git.kernel.org/stable/c/4d69864915a3a0525… | |
| https://git.kernel.org/stable/c/44807af79efd0d78f… | |
| https://git.kernel.org/stable/c/44d81a9ebf0cad925… | |
| https://git.kernel.org/stable/c/6b87bd94f34370bbf… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c74751f4c39232c31214ec6a3bc1c7e62f5c728b , < 69b10dd23ab826d0c7f2d9ab311842251978d0c1
(git)
Affected: c74751f4c39232c31214ec6a3bc1c7e62f5c728b , < 43292b83424158fa6ec458799f3cb9c54d18c484 (git) Affected: c74751f4c39232c31214ec6a3bc1c7e62f5c728b , < 4d69864915a3a052538e4ba76cd6fd77cfc64ebe (git) Affected: c74751f4c39232c31214ec6a3bc1c7e62f5c728b , < 44807af79efd0d78fa36383dd865ddfe7992c0a6 (git) Affected: c74751f4c39232c31214ec6a3bc1c7e62f5c728b , < 44d81a9ebf0cad92512e0ffdf7412bfe20db66ec (git) Affected: c74751f4c39232c31214ec6a3bc1c7e62f5c728b , < 6b87bd94f34370bbf1dfa59352bed8efab5bf419 (git) Affected: 4bf973a1f84aefb64750bdb3afe72d54de3199d7 (git) Affected: a76837dd731b68cc3b5690470bc9efa2a8e3801a (git) Affected: 4.19.95 , < 4.20 (semver) Affected: 5.4.8 , < 5.5 (semver) |
|
| Linux | Linux |
Affected:
5.5
Unaffected: 0 , < 5.5 (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:57:12.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69b10dd23ab826d0c7f2d9ab311842251978d0c1",
"status": "affected",
"version": "c74751f4c39232c31214ec6a3bc1c7e62f5c728b",
"versionType": "git"
},
{
"lessThan": "43292b83424158fa6ec458799f3cb9c54d18c484",
"status": "affected",
"version": "c74751f4c39232c31214ec6a3bc1c7e62f5c728b",
"versionType": "git"
},
{
"lessThan": "4d69864915a3a052538e4ba76cd6fd77cfc64ebe",
"status": "affected",
"version": "c74751f4c39232c31214ec6a3bc1c7e62f5c728b",
"versionType": "git"
},
{
"lessThan": "44807af79efd0d78fa36383dd865ddfe7992c0a6",
"status": "affected",
"version": "c74751f4c39232c31214ec6a3bc1c7e62f5c728b",
"versionType": "git"
},
{
"lessThan": "44d81a9ebf0cad92512e0ffdf7412bfe20db66ec",
"status": "affected",
"version": "c74751f4c39232c31214ec6a3bc1c7e62f5c728b",
"versionType": "git"
},
{
"lessThan": "6b87bd94f34370bbf1dfa59352bed8efab5bf419",
"status": "affected",
"version": "c74751f4c39232c31214ec6a3bc1c7e62f5c728b",
"versionType": "git"
},
{
"status": "affected",
"version": "4bf973a1f84aefb64750bdb3afe72d54de3199d7",
"versionType": "git"
},
{
"status": "affected",
"version": "a76837dd731b68cc3b5690470bc9efa2a8e3801a",
"versionType": "git"
},
{
"lessThan": "4.20",
"status": "affected",
"version": "4.19.95",
"versionType": "semver"
},
{
"lessThan": "5.5",
"status": "affected",
"version": "5.4.8",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.138",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.90",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.28",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.6",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix out-of-bound memcpy() during ethtool -w\n\nWhen retrieving the FW coredump using ethtool, it can sometimes cause\nmemory corruption:\n\nBUG: KFENCE: memory corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en]\nCorrupted memory at 0x000000008f0f30e8 [ ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ] (in kfence-#45):\n__bnxt_get_coredump+0x3ef/0x670 [bnxt_en]\nethtool_get_dump_data+0xdc/0x1a0\n__dev_ethtool+0xa1e/0x1af0\ndev_ethtool+0xa8/0x170\ndev_ioctl+0x1b5/0x580\nsock_do_ioctl+0xab/0xf0\nsock_ioctl+0x1ce/0x2e0\n__x64_sys_ioctl+0x87/0xc0\ndo_syscall_64+0x5c/0xf0\nentry_SYSCALL_64_after_hwframe+0x78/0x80\n\n...\n\nThis happens when copying the coredump segment list in\nbnxt_hwrm_dbg_dma_data() with the HWRM_DBG_COREDUMP_LIST FW command.\nThe info-\u003edest_buf buffer is allocated based on the number of coredump\nsegments returned by the FW. The segment list is then DMA\u0027ed by\nthe FW and the length of the DMA is returned by FW. The driver then\ncopies this DMA\u0027ed segment list to info-\u003edest_buf.\n\nIn some cases, this DMA length may exceed the info-\u003edest_buf length\nand cause the above BUG condition. Fix it by capping the copy\nlength to not exceed the length of info-\u003edest_buf. The extra\nDMA data contains no useful information.\n\nThis code path is shared for the HWRM_DBG_COREDUMP_LIST and the\nHWRM_DBG_COREDUMP_RETRIEVE FW commands. The buffering is different\nfor these 2 FW commands. To simplify the logic, we need to move\nthe line to adjust the buffer length for HWRM_DBG_COREDUMP_RETRIEVE\nup, so that the new check to cap the copy length will work for both\ncommands."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:58:33.547Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69b10dd23ab826d0c7f2d9ab311842251978d0c1"
},
{
"url": "https://git.kernel.org/stable/c/43292b83424158fa6ec458799f3cb9c54d18c484"
},
{
"url": "https://git.kernel.org/stable/c/4d69864915a3a052538e4ba76cd6fd77cfc64ebe"
},
{
"url": "https://git.kernel.org/stable/c/44807af79efd0d78fa36383dd865ddfe7992c0a6"
},
{
"url": "https://git.kernel.org/stable/c/44d81a9ebf0cad92512e0ffdf7412bfe20db66ec"
},
{
"url": "https://git.kernel.org/stable/c/6b87bd94f34370bbf1dfa59352bed8efab5bf419"
}
],
"title": "bnxt_en: Fix out-of-bound memcpy() during ethtool -w",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37911",
"datePublished": "2025-05-20T15:21:43.278Z",
"dateReserved": "2025-04-16T04:51:23.967Z",
"dateUpdated": "2026-05-23T15:58:33.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37912 (GCVE-0-2025-37912)
Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-23 15:58
VLAI
EPSS
Title
ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
As mentioned in the commit baeb705fd6a7 ("ice: always check VF VSI
pointer values"), we need to perform a null pointer check on the return
value of ice_get_vf_vsi() before using it.
Severity
No CVSS data available.
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/a32dcc3b8293600dd… | |
| https://git.kernel.org/stable/c/0561f2e374c3732b9… | |
| https://git.kernel.org/stable/c/eae60cfe25d022d7f… | |
| https://git.kernel.org/stable/c/073791e9cfe6e4a11… | |
| https://git.kernel.org/stable/c/f68237982dc012230… | |
| https://git.kernel.org/stable/c/425c5f266b2edeee0… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
e81b674ead8e2172b2a69e7b45e079239ace4dbc , < a32dcc3b8293600ddc4024731b4d027d4de061a4
(git)
Affected: 8e02cd98a6e24389d476e28436d41e620ed8e559 , < 0561f2e374c3732b90e50f0a244791a4308ec67e (git) Affected: d62389073a5b937413e2d1bc1da06ccff5103c0c , < eae60cfe25d022d7f0321dba4cc23ad8e87ade48 (git) Affected: 6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 , < 073791e9cfe6e4a11a6d85816ba87b1aa207493e (git) Affected: 6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 , < f68237982dc012230550f4ecf7ce286a9c37ddc9 (git) Affected: 6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 , < 425c5f266b2edeee0ce16fedd8466410cdcfcfe3 (git) Affected: 292081c4e7f575a79017d5cbe1a0ec042783976f (git) Affected: 5.15.172 , < 5.15.182 (semver) Affected: 6.1.103 , < 6.1.138 (semver) Affected: 6.6.44 , < 6.6.90 (semver) Affected: 6.10.3 , < 6.11 (semver) |
|
| Linux | Linux |
Affected:
6.11
Unaffected: 0 , < 6.11 (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:57:13.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a32dcc3b8293600ddc4024731b4d027d4de061a4",
"status": "affected",
"version": "e81b674ead8e2172b2a69e7b45e079239ace4dbc",
"versionType": "git"
},
{
"lessThan": "0561f2e374c3732b90e50f0a244791a4308ec67e",
"status": "affected",
"version": "8e02cd98a6e24389d476e28436d41e620ed8e559",
"versionType": "git"
},
{
"lessThan": "eae60cfe25d022d7f0321dba4cc23ad8e87ade48",
"status": "affected",
"version": "d62389073a5b937413e2d1bc1da06ccff5103c0c",
"versionType": "git"
},
{
"lessThan": "073791e9cfe6e4a11a6d85816ba87b1aa207493e",
"status": "affected",
"version": "6ebbe97a488179f5dc85f2f1e0c89b486e99ee97",
"versionType": "git"
},
{
"lessThan": "f68237982dc012230550f4ecf7ce286a9c37ddc9",
"status": "affected",
"version": "6ebbe97a488179f5dc85f2f1e0c89b486e99ee97",
"versionType": "git"
},
{
"lessThan": "425c5f266b2edeee0ce16fedd8466410cdcfcfe3",
"status": "affected",
"version": "6ebbe97a488179f5dc85f2f1e0c89b486e99ee97",
"versionType": "git"
},
{
"status": "affected",
"version": "292081c4e7f575a79017d5cbe1a0ec042783976f",
"versionType": "git"
},
{
"lessThan": "5.15.182",
"status": "affected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThan": "6.1.138",
"status": "affected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThan": "6.6.90",
"status": "affected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThan": "6.11",
"status": "affected",
"version": "6.10.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.11"
},
{
"lessThan": "6.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "5.15.172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.138",
"versionStartIncluding": "6.1.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.90",
"versionStartIncluding": "6.6.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.28",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.6",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()\n\nAs mentioned in the commit baeb705fd6a7 (\"ice: always check VF VSI\npointer values\"), we need to perform a null pointer check on the return\nvalue of ice_get_vf_vsi() before using it."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:58:34.525Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a32dcc3b8293600ddc4024731b4d027d4de061a4"
},
{
"url": "https://git.kernel.org/stable/c/0561f2e374c3732b90e50f0a244791a4308ec67e"
},
{
"url": "https://git.kernel.org/stable/c/eae60cfe25d022d7f0321dba4cc23ad8e87ade48"
},
{
"url": "https://git.kernel.org/stable/c/073791e9cfe6e4a11a6d85816ba87b1aa207493e"
},
{
"url": "https://git.kernel.org/stable/c/f68237982dc012230550f4ecf7ce286a9c37ddc9"
},
{
"url": "https://git.kernel.org/stable/c/425c5f266b2edeee0ce16fedd8466410cdcfcfe3"
}
],
"title": "ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37912",
"datePublished": "2025-05-20T15:21:44.062Z",
"dateReserved": "2025-04-16T04:51:23.967Z",
"dateUpdated": "2026-05-23T15:58:34.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37913 (GCVE-0-2025-37913)
Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17
VLAI
EPSS
Title
net_sched: qfq: Fix double list add in class with netem as child qdisc
Summary
In the Linux kernel, the following vulnerability has been resolved:
net_sched: qfq: Fix double list add in class with netem as child qdisc
As described in Gerrard's report [1], there are use cases where a netem
child qdisc will make the parent qdisc's enqueue callback reentrant.
In the case of qfq, there won't be a UAF, but the code will add the same
classifier to the list twice, which will cause memory corruption.
This patch checks whether the class was already added to the agg->active
list (cl_is_active) before doing the addition to cater for the reentrant
case.
[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/
Severity
No CVSS data available.
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/041f410aec2c1751e… | |
| https://git.kernel.org/stable/c/005a479540478a820… | |
| https://git.kernel.org/stable/c/0bf32d6fb1fcbf841… | |
| https://git.kernel.org/stable/c/0aa23e0856b7cedb3… | |
| https://git.kernel.org/stable/c/a43783119e01849fb… | |
| https://git.kernel.org/stable/c/53bc0b55178bd59bd… | |
| https://git.kernel.org/stable/c/370218e8ce711684a… | |
| https://git.kernel.org/stable/c/f139f37dcdf34b67f… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 041f410aec2c1751ee22b8b73ba05d38c3a6a602
(git)
Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 005a479540478a820c52de098e5e767e63e36f0a (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 0bf32d6fb1fcbf841bb9945570e0e2a70072c00f (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 0aa23e0856b7cedb3c88d8e3d281c212c7e4fbeb (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < a43783119e01849fbf2fe8855634e8989b240cb4 (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 53bc0b55178bd59bdd4bcd16349505cabf54b1a2 (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 370218e8ce711684acc4cdd3cc3c6dd7956bc165 (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < f139f37dcdf34b67f5bf92bc8e0f7f6b3ac63aa4 (git) |
|
| Linux | Linux |
Affected:
5.0
Unaffected: 0 , < 5.0 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:57:15.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_qfq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "041f410aec2c1751ee22b8b73ba05d38c3a6a602",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "005a479540478a820c52de098e5e767e63e36f0a",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "0bf32d6fb1fcbf841bb9945570e0e2a70072c00f",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "0aa23e0856b7cedb3c88d8e3d281c212c7e4fbeb",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "a43783119e01849fbf2fe8855634e8989b240cb4",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "53bc0b55178bd59bdd4bcd16349505cabf54b1a2",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "370218e8ce711684acc4cdd3cc3c6dd7956bc165",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "f139f37dcdf34b67f5bf92bc8e0f7f6b3ac63aa4",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_qfq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.138",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.90",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.28",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.6",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: qfq: Fix double list add in class with netem as child qdisc\n\nAs described in Gerrard\u0027s report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc\u0027s enqueue callback reentrant.\nIn the case of qfq, there won\u0027t be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\n\nThis patch checks whether the class was already added to the agg-\u003eactive\nlist (cl_is_active) before doing the addition to cater for the reentrant\ncase.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:17:31.826Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/041f410aec2c1751ee22b8b73ba05d38c3a6a602"
},
{
"url": "https://git.kernel.org/stable/c/005a479540478a820c52de098e5e767e63e36f0a"
},
{
"url": "https://git.kernel.org/stable/c/0bf32d6fb1fcbf841bb9945570e0e2a70072c00f"
},
{
"url": "https://git.kernel.org/stable/c/0aa23e0856b7cedb3c88d8e3d281c212c7e4fbeb"
},
{
"url": "https://git.kernel.org/stable/c/a43783119e01849fbf2fe8855634e8989b240cb4"
},
{
"url": "https://git.kernel.org/stable/c/53bc0b55178bd59bdd4bcd16349505cabf54b1a2"
},
{
"url": "https://git.kernel.org/stable/c/370218e8ce711684acc4cdd3cc3c6dd7956bc165"
},
{
"url": "https://git.kernel.org/stable/c/f139f37dcdf34b67f5bf92bc8e0f7f6b3ac63aa4"
}
],
"title": "net_sched: qfq: Fix double list add in class with netem as child qdisc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37913",
"datePublished": "2025-05-20T15:21:44.793Z",
"dateReserved": "2025-04-16T04:51:23.967Z",
"dateUpdated": "2026-05-11T21:17:31.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37914 (GCVE-0-2025-37914)
Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17
VLAI
EPSS
Title
net_sched: ets: Fix double list add in class with netem as child qdisc
Summary
In the Linux kernel, the following vulnerability has been resolved:
net_sched: ets: Fix double list add in class with netem as child qdisc
As described in Gerrard's report [1], there are use cases where a netem
child qdisc will make the parent qdisc's enqueue callback reentrant.
In the case of ets, there won't be a UAF, but the code will add the same
classifier to the list twice, which will cause memory corruption.
In addition to checking for qlen being zero, this patch checks whether
the class was already added to the active_list (cl_is_active) before
doing the addition to cater for the reentrant case.
[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/
Severity
No CVSS data available.
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/24388ba0a1b1b6d4a… | |
| https://git.kernel.org/stable/c/554acc5a2ea9703e0… | |
| https://git.kernel.org/stable/c/9efb6a0fa88e0910d… | |
| https://git.kernel.org/stable/c/72c3da7e6ceb74e74… | |
| https://git.kernel.org/stable/c/1f01e9f961605eb39… | |
| https://git.kernel.org/stable/c/bc321f714de693aae… | |
| https://git.kernel.org/stable/c/1a6d0c00fa0797238… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < 24388ba0a1b1b6d4af1b205927ac7f7b119ee4ea
(git)
Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < 554acc5a2ea9703e08023eb9a003f9e5a830a502 (git) Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < 9efb6a0fa88e0910d079fdfeb4f7ce4d4ac6c990 (git) Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < 72c3da7e6ceb74e74ddbb5a305a35c9fdfcac6e3 (git) Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < 1f01e9f961605eb397c6ecd1d7b0233dfbf9077c (git) Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < bc321f714de693aae06e3786f88df2975376d996 (git) Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < 1a6d0c00fa07972384b0c308c72db091d49988b6 (git) |
|
| Linux | Linux |
Affected:
5.6
Unaffected: 0 , < 5.6 (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:57:16.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_ets.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "24388ba0a1b1b6d4af1b205927ac7f7b119ee4ea",
"status": "affected",
"version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
"versionType": "git"
},
{
"lessThan": "554acc5a2ea9703e08023eb9a003f9e5a830a502",
"status": "affected",
"version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
"versionType": "git"
},
{
"lessThan": "9efb6a0fa88e0910d079fdfeb4f7ce4d4ac6c990",
"status": "affected",
"version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
"versionType": "git"
},
{
"lessThan": "72c3da7e6ceb74e74ddbb5a305a35c9fdfcac6e3",
"status": "affected",
"version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
"versionType": "git"
},
{
"lessThan": "1f01e9f961605eb397c6ecd1d7b0233dfbf9077c",
"status": "affected",
"version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
"versionType": "git"
},
{
"lessThan": "bc321f714de693aae06e3786f88df2975376d996",
"status": "affected",
"version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
"versionType": "git"
},
{
"lessThan": "1a6d0c00fa07972384b0c308c72db091d49988b6",
"status": "affected",
"version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_ets.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.138",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.90",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.28",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.6",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: Fix double list add in class with netem as child qdisc\n\nAs described in Gerrard\u0027s report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc\u0027s enqueue callback reentrant.\nIn the case of ets, there won\u0027t be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\n\nIn addition to checking for qlen being zero, this patch checks whether\nthe class was already added to the active_list (cl_is_active) before\ndoing the addition to cater for the reentrant case.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:17:33.128Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/24388ba0a1b1b6d4af1b205927ac7f7b119ee4ea"
},
{
"url": "https://git.kernel.org/stable/c/554acc5a2ea9703e08023eb9a003f9e5a830a502"
},
{
"url": "https://git.kernel.org/stable/c/9efb6a0fa88e0910d079fdfeb4f7ce4d4ac6c990"
},
{
"url": "https://git.kernel.org/stable/c/72c3da7e6ceb74e74ddbb5a305a35c9fdfcac6e3"
},
{
"url": "https://git.kernel.org/stable/c/1f01e9f961605eb397c6ecd1d7b0233dfbf9077c"
},
{
"url": "https://git.kernel.org/stable/c/bc321f714de693aae06e3786f88df2975376d996"
},
{
"url": "https://git.kernel.org/stable/c/1a6d0c00fa07972384b0c308c72db091d49988b6"
}
],
"title": "net_sched: ets: Fix double list add in class with netem as child qdisc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37914",
"datePublished": "2025-05-20T15:21:45.796Z",
"dateReserved": "2025-04-16T04:51:23.967Z",
"dateUpdated": "2026-05-11T21:17:33.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37915 (GCVE-0-2025-37915)
Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17
VLAI
EPSS
Title
net_sched: drr: Fix double list add in class with netem as child qdisc
Summary
In the Linux kernel, the following vulnerability has been resolved:
net_sched: drr: Fix double list add in class with netem as child qdisc
As described in Gerrard's report [1], there are use cases where a netem
child qdisc will make the parent qdisc's enqueue callback reentrant.
In the case of drr, there won't be a UAF, but the code will add the same
classifier to the list twice, which will cause memory corruption.
In addition to checking for qlen being zero, this patch checks whether the
class was already added to the active_list (cl_is_active) before adding
to the list to cover for the reentrant case.
[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/
Severity
No CVSS data available.
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/5da3aad1a13e7edb8… | |
| https://git.kernel.org/stable/c/4b07ac06b0a712923… | |
| https://git.kernel.org/stable/c/2968632880f179200… | |
| https://git.kernel.org/stable/c/4f0ecf50cdf76da95… | |
| https://git.kernel.org/stable/c/db205b92dfe0501e5… | |
| https://git.kernel.org/stable/c/26e75716b94d6ff9b… | |
| https://git.kernel.org/stable/c/ab2248110738d4429… | |
| https://git.kernel.org/stable/c/f99a3fbf023e20b62… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 5da3aad1a13e7edb8ff0778a444ccf49930313e9
(git)
Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 4b07ac06b0a712923255aaf2691637693fc7100d (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 2968632880f1792007eedd12eeedf7f6e2b7e9f3 (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 4f0ecf50cdf76da95828578a92f130b653ac2fcf (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < db205b92dfe0501e5b92fb7cf00971d0e44ba3eb (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < 26e75716b94d6ff9be5ea07d63675c4d189f30b4 (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < ab2248110738d4429668140ad22f530a9ee730e1 (git) Affected: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea , < f99a3fbf023e20b626be4b0f042463d598050c9a (git) |
|
| Linux | Linux |
Affected:
5.0
Unaffected: 0 , < 5.0 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:57:17.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_drr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5da3aad1a13e7edb8ff0778a444ccf49930313e9",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "4b07ac06b0a712923255aaf2691637693fc7100d",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "2968632880f1792007eedd12eeedf7f6e2b7e9f3",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "4f0ecf50cdf76da95828578a92f130b653ac2fcf",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "db205b92dfe0501e5b92fb7cf00971d0e44ba3eb",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "26e75716b94d6ff9be5ea07d63675c4d189f30b4",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "ab2248110738d4429668140ad22f530a9ee730e1",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
},
{
"lessThan": "f99a3fbf023e20b626be4b0f042463d598050c9a",
"status": "affected",
"version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_drr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.138",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.90",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.28",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.6",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: drr: Fix double list add in class with netem as child qdisc\n\nAs described in Gerrard\u0027s report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc\u0027s enqueue callback reentrant.\nIn the case of drr, there won\u0027t be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\n\nIn addition to checking for qlen being zero, this patch checks whether the\nclass was already added to the active_list (cl_is_active) before adding\nto the list to cover for the reentrant case.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:17:34.269Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5da3aad1a13e7edb8ff0778a444ccf49930313e9"
},
{
"url": "https://git.kernel.org/stable/c/4b07ac06b0a712923255aaf2691637693fc7100d"
},
{
"url": "https://git.kernel.org/stable/c/2968632880f1792007eedd12eeedf7f6e2b7e9f3"
},
{
"url": "https://git.kernel.org/stable/c/4f0ecf50cdf76da95828578a92f130b653ac2fcf"
},
{
"url": "https://git.kernel.org/stable/c/db205b92dfe0501e5b92fb7cf00971d0e44ba3eb"
},
{
"url": "https://git.kernel.org/stable/c/26e75716b94d6ff9be5ea07d63675c4d189f30b4"
},
{
"url": "https://git.kernel.org/stable/c/ab2248110738d4429668140ad22f530a9ee730e1"
},
{
"url": "https://git.kernel.org/stable/c/f99a3fbf023e20b626be4b0f042463d598050c9a"
}
],
"title": "net_sched: drr: Fix double list add in class with netem as child qdisc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37915",
"datePublished": "2025-05-20T15:21:46.440Z",
"dateReserved": "2025-04-16T04:51:23.967Z",
"dateUpdated": "2026-05-11T21:17:34.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37923 (GCVE-0-2025-37923)
Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17
VLAI
EPSS
Title
tracing: Fix oob write in trace_seq_to_buffer()
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix oob write in trace_seq_to_buffer()
syzbot reported this bug:
==================================================================
BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]
BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822
Write of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260
CPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainted 6.15.0-rc1-syzkaller-00301-g3bde70a2c827 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:408 [inline]
print_report+0xc3/0x670 mm/kasan/report.c:521
kasan_report+0xe0/0x110 mm/kasan/report.c:634
check_region_inline mm/kasan/generic.c:183 [inline]
kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
__asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106
trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]
tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822
....
==================================================================
It has been reported that trace_seq_to_buffer() tries to copy more data
than PAGE_SIZE to buf. Therefore, to prevent this, we should use the
smaller of trace_seq_used(&iter->seq) and PAGE_SIZE as an argument.
Severity
No CVSS data available.
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/f4b0174e9f18aaba5… | |
| https://git.kernel.org/stable/c/665ce421041890571… | |
| https://git.kernel.org/stable/c/1a3f9482b50b74fa9… | |
| https://git.kernel.org/stable/c/441021e5b3c7d9bd1… | |
| https://git.kernel.org/stable/c/056ebbddb8faf4ddf… | |
| https://git.kernel.org/stable/c/1f27a3e93b8d674b2… | |
| https://git.kernel.org/stable/c/c5d2b66c5ef5037b4… | |
| https://git.kernel.org/stable/c/f5178c41bb43444a6… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
3c56819b14b00dd449bd776303e61f8532fad09f , < f4b0174e9f18aaba59ee6ffdaf8827a7f94eb606
(git)
Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < 665ce421041890571852422487f4c613d1824ba9 (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < 1a3f9482b50b74fa9421bff8ceecfefd0dc06f8f (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < 441021e5b3c7d9bd1b963590652c415929f3b157 (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < 056ebbddb8faf4ddf83d005454dd78fc25c2d897 (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < 1f27a3e93b8d674b24b27fcdbc6f72743cd96c0d (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < c5d2b66c5ef5037b4b4360e5447605ff00ba1bd4 (git) Affected: 3c56819b14b00dd449bd776303e61f8532fad09f , < f5178c41bb43444a6008150fe6094497135d07cb (git) |
|
| Linux | Linux |
Affected:
2.6.30
Unaffected: 0 , < 2.6.30 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:57:21.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f4b0174e9f18aaba59ee6ffdaf8827a7f94eb606",
"status": "affected",
"version": "3c56819b14b00dd449bd776303e61f8532fad09f",
"versionType": "git"
},
{
"lessThan": "665ce421041890571852422487f4c613d1824ba9",
"status": "affected",
"version": "3c56819b14b00dd449bd776303e61f8532fad09f",
"versionType": "git"
},
{
"lessThan": "1a3f9482b50b74fa9421bff8ceecfefd0dc06f8f",
"status": "affected",
"version": "3c56819b14b00dd449bd776303e61f8532fad09f",
"versionType": "git"
},
{
"lessThan": "441021e5b3c7d9bd1b963590652c415929f3b157",
"status": "affected",
"version": "3c56819b14b00dd449bd776303e61f8532fad09f",
"versionType": "git"
},
{
"lessThan": "056ebbddb8faf4ddf83d005454dd78fc25c2d897",
"status": "affected",
"version": "3c56819b14b00dd449bd776303e61f8532fad09f",
"versionType": "git"
},
{
"lessThan": "1f27a3e93b8d674b24b27fcdbc6f72743cd96c0d",
"status": "affected",
"version": "3c56819b14b00dd449bd776303e61f8532fad09f",
"versionType": "git"
},
{
"lessThan": "c5d2b66c5ef5037b4b4360e5447605ff00ba1bd4",
"status": "affected",
"version": "3c56819b14b00dd449bd776303e61f8532fad09f",
"versionType": "git"
},
{
"lessThan": "f5178c41bb43444a6008150fe6094497135d07cb",
"status": "affected",
"version": "3c56819b14b00dd449bd776303e61f8532fad09f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.138",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.90",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.28",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.6",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix oob write in trace_seq_to_buffer()\n\nsyzbot reported this bug:\n==================================================================\nBUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]\nBUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822\nWrite of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260\n\nCPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainted 6.15.0-rc1-syzkaller-00301-g3bde70a2c827 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106\n trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]\n tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822\n ....\n==================================================================\n\nIt has been reported that trace_seq_to_buffer() tries to copy more data\nthan PAGE_SIZE to buf. Therefore, to prevent this, we should use the\nsmaller of trace_seq_used(\u0026iter-\u003eseq) and PAGE_SIZE as an argument."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:17:43.384Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f4b0174e9f18aaba59ee6ffdaf8827a7f94eb606"
},
{
"url": "https://git.kernel.org/stable/c/665ce421041890571852422487f4c613d1824ba9"
},
{
"url": "https://git.kernel.org/stable/c/1a3f9482b50b74fa9421bff8ceecfefd0dc06f8f"
},
{
"url": "https://git.kernel.org/stable/c/441021e5b3c7d9bd1b963590652c415929f3b157"
},
{
"url": "https://git.kernel.org/stable/c/056ebbddb8faf4ddf83d005454dd78fc25c2d897"
},
{
"url": "https://git.kernel.org/stable/c/1f27a3e93b8d674b24b27fcdbc6f72743cd96c0d"
},
{
"url": "https://git.kernel.org/stable/c/c5d2b66c5ef5037b4b4360e5447605ff00ba1bd4"
},
{
"url": "https://git.kernel.org/stable/c/f5178c41bb43444a6008150fe6094497135d07cb"
}
],
"title": "tracing: Fix oob write in trace_seq_to_buffer()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37923",
"datePublished": "2025-05-20T15:21:51.927Z",
"dateReserved": "2025-04-16T04:51:23.969Z",
"dateUpdated": "2026-05-11T21:17:43.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37927 (GCVE-0-2025-37927)
Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17
VLAI
EPSS
Title
iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
There is a string parsing logic error which can lead to an overflow of hid
or uid buffers. Comparing ACPIID_LEN against a total string length doesn't
take into account the lengths of individual hid and uid buffers so the
check is insufficient in some cases. For example if the length of hid
string is 4 and the length of the uid string is 260, the length of str
will be equal to ACPIID_LEN + 1 but uid string will overflow uid buffer
which size is 256.
The same applies to the hid string with length 13 and uid string with
length 250.
Check the length of hid and uid strings separately to prevent
buffer overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity
No CVSS data available.
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/2b65060c84ee4d8dc… | |
| https://git.kernel.org/stable/c/a65ebfed65fa62797… | |
| https://git.kernel.org/stable/c/466d9da267079a8d3… | |
| https://git.kernel.org/stable/c/c3f37faa71f5d26dd… | |
| https://git.kernel.org/stable/c/13d67528e1ae4486e… | |
| https://git.kernel.org/stable/c/10d901a95f8e766e5… | |
| https://git.kernel.org/stable/c/c8bdfc0297965bb13… | |
| https://git.kernel.org/stable/c/8dee308e4c01dea48… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < 2b65060c84ee4d8dc64fae6d2728b528e9e832e1
(git)
Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < a65ebfed65fa62797ec1f5f1dcf7adb157a2de1e (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < 466d9da267079a8d3b69fa72dfa3a732e1f6dbb5 (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < c3f37faa71f5d26dd2144b3f2b14525ec8f5e41f (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < 13d67528e1ae4486e9ab24b70122fab104c73c29 (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < 10d901a95f8e766e5aa0bb9a983fb41271f64718 (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < c8bdfc0297965bb13fa439d36ca9c4f7c8447f0f (git) Affected: ca3bf5d47cec8b7614bcb2e9132c40081d6d81db , < 8dee308e4c01dea48fc104d37f92d5b58c50b96c (git) |
|
| Linux | Linux |
Affected:
4.7
Unaffected: 0 , < 4.7 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.182 , ≤ 5.15.* (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:57:24.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/amd/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2b65060c84ee4d8dc64fae6d2728b528e9e832e1",
"status": "affected",
"version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
"versionType": "git"
},
{
"lessThan": "a65ebfed65fa62797ec1f5f1dcf7adb157a2de1e",
"status": "affected",
"version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
"versionType": "git"
},
{
"lessThan": "466d9da267079a8d3b69fa72dfa3a732e1f6dbb5",
"status": "affected",
"version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
"versionType": "git"
},
{
"lessThan": "c3f37faa71f5d26dd2144b3f2b14525ec8f5e41f",
"status": "affected",
"version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
"versionType": "git"
},
{
"lessThan": "13d67528e1ae4486e9ab24b70122fab104c73c29",
"status": "affected",
"version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
"versionType": "git"
},
{
"lessThan": "10d901a95f8e766e5aa0bb9a983fb41271f64718",
"status": "affected",
"version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
"versionType": "git"
},
{
"lessThan": "c8bdfc0297965bb13fa439d36ca9c4f7c8447f0f",
"status": "affected",
"version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
"versionType": "git"
},
{
"lessThan": "8dee308e4c01dea48fc104d37f92d5b58c50b96c",
"status": "affected",
"version": "ca3bf5d47cec8b7614bcb2e9132c40081d6d81db",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/amd/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.138",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.90",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.28",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.6",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid\n\nThere is a string parsing logic error which can lead to an overflow of hid\nor uid buffers. Comparing ACPIID_LEN against a total string length doesn\u0027t\ntake into account the lengths of individual hid and uid buffers so the\ncheck is insufficient in some cases. For example if the length of hid\nstring is 4 and the length of the uid string is 260, the length of str\nwill be equal to ACPIID_LEN + 1 but uid string will overflow uid buffer\nwhich size is 256.\n\nThe same applies to the hid string with length 13 and uid string with\nlength 250.\n\nCheck the length of hid and uid strings separately to prevent\nbuffer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:17:48.029Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b65060c84ee4d8dc64fae6d2728b528e9e832e1"
},
{
"url": "https://git.kernel.org/stable/c/a65ebfed65fa62797ec1f5f1dcf7adb157a2de1e"
},
{
"url": "https://git.kernel.org/stable/c/466d9da267079a8d3b69fa72dfa3a732e1f6dbb5"
},
{
"url": "https://git.kernel.org/stable/c/c3f37faa71f5d26dd2144b3f2b14525ec8f5e41f"
},
{
"url": "https://git.kernel.org/stable/c/13d67528e1ae4486e9ab24b70122fab104c73c29"
},
{
"url": "https://git.kernel.org/stable/c/10d901a95f8e766e5aa0bb9a983fb41271f64718"
},
{
"url": "https://git.kernel.org/stable/c/c8bdfc0297965bb13fa439d36ca9c4f7c8447f0f"
},
{
"url": "https://git.kernel.org/stable/c/8dee308e4c01dea48fc104d37f92d5b58c50b96c"
}
],
"title": "iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37927",
"datePublished": "2025-05-20T15:21:53.973Z",
"dateReserved": "2025-04-16T04:51:23.969Z",
"dateUpdated": "2026-05-11T21:17:48.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…