#VU109550 Improper error handling in Linux kernel - CVE-2025-37929
Published: May 21, 2025 / Updated: May 21, 2025
Vulnerability identifier: #VU109550
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-37929
CWE-ID: CWE-388
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the spectre_bhb_loop_affected() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/090c8714efe1c3c470301cc2f794c1ee2a57746c
- https://git.kernel.org/stable/c/333579202f09e260e8116321df4c55f80a19b160
- https://git.kernel.org/stable/c/3821cae9bd5a99a42d3d0be1b58e41f072cd4c4c
- https://git.kernel.org/stable/c/446289b8b36b2ee98dabf6388acbddcc33ed41be
- https://git.kernel.org/stable/c/6266b3509b2c6ebf2f9daf2239ff8eb60c5f5bd3
- https://git.kernel.org/stable/c/fee4d171451c1ad9e8aaf65fc0ab7d143a33bd72
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.182
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.138
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.90