Buffer overflow in Linux kernel - CVE-2025-37867
Published: May 9, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU108889
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-37867
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ib_init_umem_odp() function in drivers/infiniband/core/umem_odp.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2025-37867
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/0d81bb58a203ad5f4044dc18cfbc230c194f650a
- https://git.kernel.org/stable/c/6c588e9afbab240c921f936cb676dac72e2e2b66
- https://git.kernel.org/stable/c/791daf8240cedf27af8794038ae1d32ef643bce6
- https://git.kernel.org/stable/c/9a0e6f15029e1a8a21e40f06fd05aa52b7f063de
- https://git.kernel.org/stable/c/ae470d06320dea4002d441784d691f0a26b4322d
- https://git.kernel.org/stable/c/f476eba25fdf70faa7b19a3e0fb00e65c5b53106
- https://git.kernel.org/stable/c/f94ac90ce7bd6f9266ad0d99044ed86e8d1416c1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.237