Main Vulnerability Database SB2025050848

SB2025050848 - Improper error handling in Linux kernel ufs core driver

Published: May 8, 2025 Updated: May 10, 2025

Security Bulletin ID SB2025050848

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper error handling (CVE-ID: CVE-2025-37826)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ufshcd_mcq_compl_pending_transfer() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/08a966a917fe3d92150fa3cc15793ad5e57051eb
https://git.kernel.org/stable/c/700128d67d57bb1de4251e563ab85202def36c50
https://git.kernel.org/stable/c/eeab6618037be84e438e9d6ed5d9a53502faf81f
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.26