#VU109557 Infinite loop in Linux kernel - CVE-2025-37969


Vulnerability identifier: #VU109557

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37969

CWE-ID: CWE-835

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the st_lsm6dsx_read_tagged_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/16857370b3a30663515956b3bd27f3def6a2cf06
https://git.kernel.org/stable/c/35b8c0a284983b71d92d082c54b7eb655ed4194f
https://git.kernel.org/stable/c/8114ef86e2058e2554111b793596f17bee23fa15
https://git.kernel.org/stable/c/9ce662851380fe2018e36e15c0bdcb1ad177ed95
https://git.kernel.org/stable/c/9ddb4cf2192c213e4dba1733bbcdc94cf6d85bf7
https://git.kernel.org/stable/c/dadf9116108315f2eb14c7415c7805f392c476b4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

