5.5

CVE-2025-37857

scsi: st: Fix array overflow in st_setup()

In the Linux kernel, the following vulnerability has been resolved:

scsi: st: Fix array overflow in st_setup()

Change the array size to follow parms size instead of a fixed value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.4.293
LinuxLinux Kernel Version >= 5.5 < 5.10.237
LinuxLinux Kernel Version >= 5.11 < 5.15.181
LinuxLinux Kernel Version >= 5.16 < 6.1.135
LinuxLinux Kernel Version >= 6.2 < 6.6.88
LinuxLinux Kernel Version >= 6.7 < 6.12.24
LinuxLinux Kernel Version >= 6.13 < 6.13.12
LinuxLinux Kernel Version >= 6.14 < 6.14.3
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.167
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/736ae988bfb5932c05625baff70fba224d547c08
Patch
https://git.kernel.org/stable/c/574b399a7fb6ae71c97e26d122205c4a720c0e43
Patch
https://git.kernel.org/stable/c/c6015d0f7a2236ddb3928b2dfcb1c556a1368b55
Patch
https://git.kernel.org/stable/c/f746fe0c51e044d1248dc67918328bfb3d86b639
Patch
https://git.kernel.org/stable/c/e4d1ca0a84a6650d3172eb8c07ef2fbc585b0d96
Patch
https://git.kernel.org/stable/c/7fe3b4deed8b93609058c37c9a11df1d2b2c0423
Patch
https://git.kernel.org/stable/c/e6b585d016c47ca8a37b92ea8a3fe35c0b585256
Patch
https://git.kernel.org/stable/c/ad4c3037dc77739a625246a2a0fb23b8f3402c06
Patch
https://git.kernel.org/stable/c/a018d1cf990d0c339fe0e29b762ea5dc10567d67
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Third Party Advisory
Mailing List