#VU108395 Input validation error in Linux kernel - CVE-2025-37790
Vulnerability identifier: #VU108395
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_sk_hash() function in net/mctp/af_mctp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 6.14, 6.14.1, 6.14.2, 6.14.3
External links
https://git.kernel.org/stable/c/3f899bd6dd56ddc46509b526e23a8f0a97712a6d
https://git.kernel.org/stable/c/52024cd6ec71a6ca934d0cc12452bd8d49850679
https://git.kernel.org/stable/c/5c1313b93c8c2e3904a48aa88e2fa1db28c607ae
https://git.kernel.org/stable/c/a8a3b61ce140e2b0a72a779e8d70f60c0cf1e47a
https://git.kernel.org/stable/c/b9764ebebb007249fb733a131b6110ff333b6616
https://git.kernel.org/stable/c/e3b5edbdb45924a7d4206d13868a2aac71f1e53d
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
