Improper error handling in Linux kernel - CVE-2025-37929
Published: May 21, 2025 / Updated: May 21, 2025
Vulnerability identifier: #VU109550
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-37929
CWE-ID: CWE-388
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the spectre_bhb_loop_affected() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2025-37929
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/090c8714efe1c3c470301cc2f794c1ee2a57746c
- https://git.kernel.org/stable/c/333579202f09e260e8116321df4c55f80a19b160
- https://git.kernel.org/stable/c/3821cae9bd5a99a42d3d0be1b58e41f072cd4c4c
- https://git.kernel.org/stable/c/446289b8b36b2ee98dabf6388acbddcc33ed41be
- https://git.kernel.org/stable/c/6266b3509b2c6ebf2f9daf2239ff8eb60c5f5bd3
- https://git.kernel.org/stable/c/fee4d171451c1ad9e8aaf65fc0ab7d143a33bd72
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.182
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.138
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.90