Input validation error in Linux kernel overlayfs

Published: 2025-05-09 | Updated: 2025-05-10

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2025-37863
CWE-ID	CWE-20
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU108899

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37863

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ovl_get_lowerstack() function in fs/overlayfs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.6 - 6.14.3

CPE2.3

External links

https://git.kernel.org/stable/c/0874b629f65320778e7e3e206177770666d9db18
https://git.kernel.org/stable/c/21d2ffb0e9838a175064c22f3a9de97d1f56f27d
https://git.kernel.org/stable/c/b9e3579213ba648fa23f780e8d53e99011c62331
https://git.kernel.org/stable/c/eb3a04a8516ee9b5174379306f94279fc90424c4
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.25
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.4
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.