Improper error handling in Linux kernel arm64 kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-37929 |
| CWE-ID | CWE-388 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper error handling
EUVDB-ID: #VU109550
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37929
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the spectre_bhb_loop_affected() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.15 - 6.14.5
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.15:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15.1:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/090c8714efe1c3c470301cc2f794c1ee2a57746c
https://git.kernel.org/stable/c/333579202f09e260e8116321df4c55f80a19b160
https://git.kernel.org/stable/c/3821cae9bd5a99a42d3d0be1b58e41f072cd4c4c
https://git.kernel.org/stable/c/446289b8b36b2ee98dabf6388acbddcc33ed41be
https://git.kernel.org/stable/c/6266b3509b2c6ebf2f9daf2239ff8eb60c5f5bd3
https://git.kernel.org/stable/c/fee4d171451c1ad9e8aaf65fc0ab7d143a33bd72
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.182
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.138
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.28
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.6
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.90
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
