#VU108324 Input validation error in Linux kernel - CVE-2025-37740

Vulnerability identifier: #VU108324

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37740

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.14, 6.14.1, 6.14.2

---

External links
https://git.kernel.org/stable/c/722e72f7f9c69fcb3ab7988c2471feff7a4c8de1
https://git.kernel.org/stable/c/a065cec230aa807c18828a3eee82f1c8592c2adf
https://git.kernel.org/stable/c/a260bf14cd347878f01f70739ba829442a474a16
https://git.kernel.org/stable/c/a741f29ac8b6374c9904be8b7ac7cdfcd7e7e4fa
https://git.kernel.org/stable/c/c8c96a9e7660e5e5eea445978fe8f2e432d91c1f
https://git.kernel.org/stable/c/cc0bc4cb62ce5fa0c383e3bf0765d01f46bd49ac
https://git.kernel.org/stable/c/ccd97c8a4f90810f228ee40d1055148fa146dd57
https://git.kernel.org/stable/c/ddf2846f22e8575d6b4b6a66f2100f168b8cd73d
https://git.kernel.org/stable/c/e3f85edb03183fb06539e5b50dd2c4bb42b869f0
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.