#VU108884 Integer overflow in Linux kernel - CVE-2025-37858
Published: May 9, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU108884
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-37858
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the dbExtendFS() function in fs/jfs/jfs_dmap.c. A local user can execute arbitrary code.
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/211ed8f5e39e61f9e4d18edd64ce8005a67a1b2a
- https://git.kernel.org/stable/c/3d8a45f87010a802aa214bf39702ca9d99cbf3ba
- https://git.kernel.org/stable/c/55edbf5dbf60a8195c21e92124c4028939ae16b2
- https://git.kernel.org/stable/c/7ccf3b35274512b60ecb614e0637e76bd6f2d829
- https://git.kernel.org/stable/c/7fcbf789629cdb9fbf4e2172ce31136cfed11e5e
- https://git.kernel.org/stable/c/8bb29629a5e4090e1ef7199cb42db04a52802239
- https://git.kernel.org/stable/c/c802a6a4009f585111f903e810b3be9c6d0da329
- https://git.kernel.org/stable/c/dd07a985e2ded47b6c7d69fc93c1fe02977c8454
- https://git.kernel.org/stable/c/ec34cdf4f917cc6abd306cf091f8b8361fedac88
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3