5.5

CVE-2025-37820

EPSS 0.02%
Veröffentlicht 08.05.2025 06:26:14
Zuletzt bearbeitet 12.11.2025 21:24:20
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()

The function xdp_convert_buff_to_frame() may return NULL if it fails
to correctly convert the XDP buffer into an XDP frame due to memory
constraints, internal errors, or invalid data. Failing to check for NULL
may lead to a NULL pointer dereference if the result is used later in
processing, potentially causing crashes, data corruption, or undefined
behavior.

On XDP redirect failure, the associated page must be released explicitly
if it was previously retained via get_page(). Failing to do so may result
in a memory leak, as the pages reference count is not decremented.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.9 < 6.1.136

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.89

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.26

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.5

Linux ≫ Linux Kernel Version6.15 Updaterc1

Linux ≫ Linux Kernel Version6.15 Updaterc2

Linux ≫ Linux Kernel Version6.15 Updaterc3

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.041

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/5b83d30c63f9964acb1bc63eb8e670b9e0d2c240

Patch

https://git.kernel.org/stable/c/cefd8a2e2de46209ce66e6d30c237eb59b6c5bfa

Patch

https://git.kernel.org/stable/c/d6a9c4e6f9b3ec3ad98468c950ad214af8a2efb9

Patch

https://git.kernel.org/stable/c/eefccd889df3b49d92e7349d94c4aa7e1ba19f6c

Patch

https://git.kernel.org/stable/c/cc3628dcd851ddd8d418bf0c897024b4621ddc92

Patch

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-37820

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37820

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37820

EUVD