Input validation error in Linux kernel include asm

Published: 2025-05-21

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2025-37948
CWE-ID	CWE-20
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU109581

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pr_fmt(), build_plt(), build_epilogue() and bpf_int_jit_compile() functions in arch/arm64/net/bpf_jit_comp.c, within the this_cpu_set_vectors() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/0dfefc2ea2f29ced2416017d7e5b1253a54c2735
https://git.kernel.org/stable/c/38c345fd54afd9d6ed8d3fcddf3f6ea23887bf78
https://git.kernel.org/stable/c/42a20cf51011788f04cf2adbcd7681f02bdb6c27
https://git.kernel.org/stable/c/852b8ae934b5cbdc62496fa56ce9969aa2edda7f
https://git.kernel.org/stable/c/8fe5c37b0e08a97cf0210bb75970e945aaaeebab

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.