#VU108368 Buffer overflow in Linux kernel - CVE-2025-37754


Updated: 2025-05-10

Vulnerability identifier: #VU108368

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37754

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the intel_uc_init_late() function in drivers/gpu/drm/i915/gt/uc/intel_uc.c, and within the intel_huc_init_early() and intel_huc_fini() functions in drivers/gpu/drm/i915/gt/uc/intel_huc.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 6.14, 6.14.1, 6.14.2


External links
https://git.kernel.org/stable/c/4bd4bf79bcfe101f0385ab81dbabb6e3f7d96c00
https://git.kernel.org/stable/c/9f5ef4a5eaa61a7a4ed31231da45deb85065397a
https://git.kernel.org/stable/c/c5a906806162aea62dbe5d327760ce3b7117ca17
https://git.kernel.org/stable/c/e3ea2eae70692a455e256787e4f54153fb739b90
https://git.kernel.org/stable/c/f104ef4db9f8f3923cc06ed1fafb3da38df6006d
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

