7.8

CVE-2025-37803

udmabuf: fix a buf size overflow issue during udmabuf creation

In the Linux kernel, the following vulnerability has been resolved:

udmabuf: fix a buf size overflow issue during udmabuf creation

by casting size_limit_mb to u64  when calculate pglimit.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.4.293
LinuxLinux Kernel Version >= 5.5 < 5.10.237
LinuxLinux Kernel Version >= 5.11 < 5.15.181
LinuxLinux Kernel Version >= 5.16 < 6.1.136
LinuxLinux Kernel Version >= 6.2 < 6.6.89
LinuxLinux Kernel Version >= 6.7 < 6.14.5
LinuxLinux Kernel Version6.15 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.082
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f
Patch
https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9
Patch
https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33
Patch
https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe
Patch
https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2
Patch
https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a
Patch
https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f
Patch
https://git.kernel.org/stable/c/29b65a3171a49c9b69f31035146be966cec40b7a
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html