Buffer overflow in Linux kernel infiniband core driver



| Updated: 2025-05-10
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2025-37867
CWE-ID CWE-119
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU108889

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37867

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ib_init_umem_odp() function in drivers/infiniband/core/umem_odp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.10 - 5.10.236

CPE2.3 External links

https://git.kernel.org/stable/c/0d81bb58a203ad5f4044dc18cfbc230c194f650a
https://git.kernel.org/stable/c/6c588e9afbab240c921f936cb676dac72e2e2b66
https://git.kernel.org/stable/c/791daf8240cedf27af8794038ae1d32ef643bce6
https://git.kernel.org/stable/c/9a0e6f15029e1a8a21e40f06fd05aa52b7f063de
https://git.kernel.org/stable/c/ae470d06320dea4002d441784d691f0a26b4322d
https://git.kernel.org/stable/c/f476eba25fdf70faa7b19a3e0fb00e65c5b53106
https://git.kernel.org/stable/c/f94ac90ce7bd6f9266ad0d99044ed86e8d1416c1
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.237


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###