#VU109545 Improper error handling in Linux kernel - CVE-2025-37990


Updated: 2025-05-21

Vulnerability identifier: #VU109545

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37990

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the brcmf_usb_dl_writeimage() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 6.14, 6.14.1, 6.14.2, 6.14.3, 6.14.4, 6.14.5


External links
https://git.kernel.org/stable/c/08424a0922fb9e32a19b09d852ee87fb6c497538
https://git.kernel.org/stable/c/508be7c001437bacad7b9a43f08a723887bcd1ea
https://git.kernel.org/stable/c/524b70441baba453b193c418e3142bd31059cc1f
https://git.kernel.org/stable/c/8e089e7b585d95122c8122d732d1d5ef8f879396
https://git.kernel.org/stable/c/bdb435ef9815b1ae28eefffa01c6959d0fcf1fa7
https://git.kernel.org/stable/c/fa9b9f02212574ee1867fbefb0a675362a71b31d
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

