#VU108389 Input validation error in Linux kernel - CVE-2025-37787
Vulnerability identifier: #VU108389
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv88e6xxx_teardown_devlink_regions_global() function in drivers/net/dsa/mv88e6xxx/devlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 5.15, 5.15 rc1, 5.15 rc2, 5.15 rc3, 5.15 rc4, 5.15 rc5, 5.15 rc6, 5.15 rc7, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.15.8, 5.15.9, 5.15.10, 5.15.11, 5.15.12, 5.15.13, 5.15.14, 5.15.15, 5.15.16, 5.15.17, 5.15.18, 5.15.19, 5.15.20, 5.15.21, 5.15.22, 5.15.23, 5.15.24, 5.15.25, 5.15.26, 5.15.27, 5.15.28, 5.15.29, 5.15.30, 5.15.31, 5.15.32, 5.15.33, 5.15.34, 5.15.35, 5.15.36, 5.15.37, 5.15.38, 5.15.39, 5.15.40, 5.15.41, 5.15.42, 5.15.43, 5.15.44, 5.15.45, 5.15.46, 5.15.47, 5.15.48, 5.15.49, 5.15.50, 5.15.51, 5.15.52, 5.15.53, 5.15.54, 5.15.55, 5.15.56, 5.15.57, 5.15.58, 5.15.59, 5.15.60, 5.15.61, 5.15.62, 5.15.63, 5.15.64, 5.15.65, 5.15.66, 5.15.67, 5.15.68, 5.15.69, 5.15.70, 5.15.71, 5.15.72, 5.15.73, 5.15.74, 5.15.75, 5.15.76, 5.15.77, 5.15.78, 5.15.79, 5.15.80, 5.15.81, 5.15.82, 5.15.83, 5.15.84, 5.15.85, 5.15.86, 5.15.87, 5.15.88, 5.15.89, 5.15.90, 5.15.91, 5.15.92, 5.15.93, 5.15.94, 5.15.95, 5.15.96, 5.15.97, 5.15.98, 5.15.99, 5.15.100, 5.15.101, 5.15.102, 5.15.103, 5.15.104, 5.15.105, 5.15.106, 5.15.107, 5.15.108, 5.15.109, 5.15.110, 5.15.111, 5.15.112, 5.15.113, 5.15.114, 5.15.115, 5.15.116, 5.15.117, 5.15.118, 5.15.119, 5.15.120, 5.15.121, 5.15.122, 5.15.123, 5.15.124, 5.15.125, 5.15.126, 5.15.127, 5.15.128, 5.15.129, 5.15.130, 5.15.131, 5.15.132, 5.15.133, 5.15.134, 5.15.135, 5.15.136, 5.15.137, 5.15.138, 5.15.139, 5.15.140, 5.15.141, 5.15.142, 5.15.143, 5.15.144, 5.15.145, 5.15.146, 5.15.147, 5.15.148, 5.15.149, 5.15.150, 5.15.151, 5.15.152, 5.15.153, 5.15.154, 5.15.155, 5.15.156, 5.15.157, 5.15.158, 5.15.159, 5.15.160, 5.15.161, 5.15.162, 5.15.163, 5.15.164, 5.15.165, 5.15.166, 5.15.167, 5.15.168, 5.15.169, 5.15.170, 5.15.171, 5.15.172, 5.15.173, 5.15.174, 5.15.175, 5.15.176, 5.15.177, 5.15.178, 5.15.179, 5.15.180, 6.1, 6.1 rc1, 6.1 rc3, 6.1 rc7, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.1.15, 6.1.16, 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26, 6.1.27, 6.1.28, 6.1.29, 6.1.30, 6.1.31, 6.1.32, 6.1.33, 6.1.34, 6.1.35, 6.1.36, 6.1.37, 6.1.38, 6.1.39, 6.1.40, 6.1.41, 6.1.42, 6.1.43, 6.1.44, 6.1.45, 6.1.46, 6.1.47, 6.1.48, 6.1.49, 6.1.50, 6.1.51, 6.1.52, 6.1.53, 6.1.54, 6.1.55, 6.1.56, 6.1.57, 6.1.58, 6.1.59, 6.1.60, 6.1.61, 6.1.62, 6.1.63, 6.1.64, 6.1.65, 6.1.66, 6.1.67, 6.1.68, 6.1.69, 6.1.70, 6.1.71, 6.1.72, 6.1.73, 6.1.74, 6.1.75, 6.1.76, 6.1.77, 6.1.78, 6.1.79, 6.1.80, 6.1.81, 6.1.82, 6.1.83, 6.1.84, 6.1.85, 6.1.86, 6.1.87, 6.1.88, 6.1.89, 6.1.90, 6.1.91, 6.1.92, 6.1.93, 6.1.94, 6.1.95, 6.1.96, 6.1.97, 6.1.98, 6.1.99, 6.1.100, 6.1.101, 6.1.102, 6.1.103, 6.1.104, 6.1.105, 6.1.106, 6.1.107, 6.1.108, 6.1.109, 6.1.110, 6.1.111, 6.1.112, 6.1.113, 6.1.114, 6.1.115, 6.1.116, 6.1.117, 6.1.118, 6.1.119, 6.1.120, 6.1.121, 6.1.122, 6.1.123, 6.1.124, 6.1.125, 6.1.126, 6.1.127, 6.1.128, 6.1.129, 6.1.130, 6.1.131, 6.1.132, 6.1.133, 6.1.134, 6.6, 6.6 rc1, 6.6 rc2, 6.6 rc3, 6.6 rc4, 6.6 rc5, 6.6 rc6, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 6.6.13, 6.6.14, 6.6.15, 6.6.16, 6.6.17, 6.6.18, 6.6.19, 6.6.20, 6.6.21, 6.6.22, 6.6.23, 6.6.24, 6.6.25, 6.6.26, 6.6.27, 6.6.28, 6.6.29, 6.6.30, 6.6.31, 6.6.32, 6.6.33, 6.6.34, 6.6.35, 6.6.36, 6.6.37, 6.6.38, 6.6.39, 6.6.40, 6.6.41, 6.6.42, 6.6.43, 6.6.44, 6.6.45, 6.6.46, 6.6.47, 6.6.48, 6.6.49, 6.6.50, 6.6.51, 6.6.52, 6.6.53, 6.6.54, 6.6.55, 6.6.56, 6.6.57, 6.6.58, 6.6.59, 6.6.60, 6.6.61, 6.6.62, 6.6.63, 6.6.64, 6.6.65, 6.6.66, 6.6.67, 6.6.68, 6.6.69, 6.6.70, 6.6.71, 6.6.72, 6.6.73, 6.6.74, 6.6.75, 6.6.76, 6.6.77, 6.6.78, 6.6.79, 6.6.80, 6.6.81, 6.6.82, 6.6.83, 6.6.84, 6.6.85, 6.6.86, 6.6.87, 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7, 6.12.8, 6.12.9, 6.12.10, 6.12.11, 6.12.12, 6.12.13, 6.12.14, 6.12.15, 6.12.16, 6.12.17, 6.12.18, 6.12.19, 6.12.20, 6.12.21, 6.12.22, 6.12.23, 6.12.24, 6.14, 6.14.1, 6.14.2, 6.14.3
External links
https://git.kernel.org/stable/c/3665695e3572239dc233216f06b41f40cc771889
https://git.kernel.org/stable/c/5f5e95945bb1e08be7655da6acba648274db457d
https://git.kernel.org/stable/c/8ccdf5e24b276848eefb2755e05ff0f005a0c4a1
https://git.kernel.org/stable/c/b3c70dfe51f10df60db2646c08cebd24bcdc5247
https://git.kernel.org/stable/c/bbb80f004f7a90c3dcaacc982c59967457254a05
https://git.kernel.org/stable/c/c84f6ce918a9e6f4996597cbc62536bbf2247c96
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.181
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.135
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.25
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.4
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
