7.8
CVE-2025-37803
- EPSS 0.19%
- Veröffentlicht 08.05.2025 06:26:03
- Zuletzt bearbeitet 03.11.2025 20:18:36
- CVE-Watchlists
- Unerledigt
udmabuf: fix a buf size overflow issue during udmabuf creation
In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 5.4.293
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.237
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.181
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.136
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.89
Linux ≫ Linux Kernel Version >= 6.7 < 6.14.5
Linux ≫ Linux Kernel Version6.15 Updaterc1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.082 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f
https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9
https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33
https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe
https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2
https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a
https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f
https://git.kernel.org/stable/c/29b65a3171a49c9b69f31035146be966cec40b7a
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html