#VU108882 Use of uninitialized resource in Linux kernel - CVE-2025-37851
Published: May 9, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU108882
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-37851
CWE-ID: CWE-908
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the dispc_ovl_setup() function in drivers/video/fbdev/omap2/omapfb/dss/dispc.c. A local user can use this condition to cause a denial of service (DoS).
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/09dbf22fd68c2f1a81ab89670ffa1ec3033436c4
- https://git.kernel.org/stable/c/3e411827f31db7f938a30a3c7a7599839401ec30
- https://git.kernel.org/stable/c/4efd8ef5e40f2c7a4a91a5a9f03140bfa827da89
- https://git.kernel.org/stable/c/52eafaa56f8f6d6a0cdff9282b25b4acbde34edc
- https://git.kernel.org/stable/c/660a53a0694d1f3789802509fe729dd4656fc5e0
- https://git.kernel.org/stable/c/9b0a41589ee70529b20e1e0108d03f10c649bdc4
- https://git.kernel.org/stable/c/a570efb4d877adbf3db2dc95487f2ba6bfdd148a
- https://git.kernel.org/stable/c/cdf41d72e8b015d9ea68f5a1c0a79624e7c312aa
- https://git.kernel.org/stable/c/fda15c5b96b883d62fb2d84a3a1422aa87717897
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88