CVE-2025-37791

EPSS 0.02%
Veröffentlicht 01.05.2025 13:07:24
Zuletzt bearbeitet 02.05.2025 13:53:20
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()

rpl is passed as a pointer to ethtool_cmis_module_poll(), so the correct
size of rpl is sizeof(*rpl) which should be just 1 byte.  Using the
pointer size instead can cause stack corruption:

Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ethtool_cmis_wait_for_cond+0xf4/0x100
CPU: 72 UID: 0 PID: 4440 Comm: kworker/72:2 Kdump: loaded Tainted: G           OE      6.11.0 #24
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: Dell Inc. PowerEdge R760/04GWWM, BIOS 1.6.6 09/20/2023
Workqueue: events module_flash_fw_work
Call Trace:
 <TASK>
 panic+0x339/0x360
 ? ethtool_cmis_wait_for_cond+0xf4/0x100
 ? __pfx_status_success+0x10/0x10
 ? __pfx_status_fail+0x10/0x10
 __stack_chk_fail+0x10/0x10
 ethtool_cmis_wait_for_cond+0xf4/0x100
 ethtool_cmis_cdb_execute_cmd+0x1fc/0x330
 ? __pfx_status_fail+0x10/0x10
 cmis_cdb_module_features_get+0x6d/0xd0
 ethtool_cmis_cdb_init+0x8a/0xd0
 ethtool_cmis_fw_update+0x46/0x1d0
 module_flash_fw_work+0x17/0xa0
 process_one_work+0x179/0x390
 worker_thread+0x239/0x340
 ? __pfx_worker_thread+0x10/0x10
 kthread+0xcc/0x100
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x2d/0x50
 ? __pfx_kthread+0x10/0x10
 ret_from_fork_asm+0x1a/0x30
 </TASK>

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 61765e1b417a23371c3735e3cddf4ad9354ed2e9

Version a39c84d796254e6b1662ca0c46dbc313379e9291

Status affected

Version < 7eb0a0072f966bb0b01d8b7d529d9743a7187bd1

Version a39c84d796254e6b1662ca0c46dbc313379e9291

Status affected

Version < f3fdd4fba16c74697d8bc730b82fb7c1eff7fab3

Version a39c84d796254e6b1662ca0c46dbc313379e9291

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.11

Status affected

Version < 6.11

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.25

Status unaffected

Version <= 6.14.*

Version 6.14.4

Status unaffected

Version <= *

Version 6.15

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/61765e1b417a23371c3735e3cddf4ad9354ed2e9

https://git.kernel.org/stable/c/7eb0a0072f966bb0b01d8b7d529d9743a7187bd1

https://git.kernel.org/stable/c/f3fdd4fba16c74697d8bc730b82fb7c1eff7fab3

https://nvd.nist.gov/vuln/detail/CVE-2025-37791

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37791

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37791

EUVD