#VU109575 Buffer overflow in Linux kernel - CVE-2025-37923
Published: May 21, 2025 / Updated: May 21, 2025
Vulnerability identifier: #VU109575
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-37923
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tracing_splice_read_pipe() function in kernel/trace/trace.c. A local user can use it to cause a denial of service (DoS).
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/056ebbddb8faf4ddf83d005454dd78fc25c2d897
- https://git.kernel.org/stable/c/1a3f9482b50b74fa9421bff8ceecfefd0dc06f8f
- https://git.kernel.org/stable/c/1f27a3e93b8d674b24b27fcdbc6f72743cd96c0d
- https://git.kernel.org/stable/c/441021e5b3c7d9bd1b963590652c415929f3b157
- https://git.kernel.org/stable/c/c5d2b66c5ef5037b4b4360e5447605ff00ba1bd4
- https://git.kernel.org/stable/c/f5178c41bb43444a6008150fe6094497135d07cb
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.182
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.138
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.90