7.8

CVE-2025-37947

EPSS 0.01%
Veröffentlicht 20.05.2025 16:15:32
Zuletzt bearbeitet 03.11.2025 20:18:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: prevent out-of-bounds stream writes by validating *pos

ksmbd_vfs_stream_write() did not validate whether the write offset
(*pos) was within the bounds of the existing stream data length (v_len).
If *pos was greater than or equal to v_len, this could lead to an
out-of-bounds memory write.

This patch adds a check to ensure *pos is less than v_len before
proceeding. If the condition fails, -EINVAL is returned.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 7f61da79df86fd140c7768e668ad846bfa7ec8e1

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < 04c8a38c60346bb5a7c49b276de7233f703ce9cb

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < d62ba16563a86aae052f96d270b3b6f78fca154c

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < e6356499fd216ed6343ae0363f4c9303f02c5034

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < 0ca6df4f40cf4c32487944aaf48319cb6c25accc

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.139

Status unaffected

Version <= 6.6.*

Version 6.6.91

Status unaffected

Version <= 6.12.*

Version 6.12.29

Status unaffected

Version <= 6.14.*

Version 6.14.7

Status unaffected

Version <= *

Version 6.15

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.011

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/04c8a38c60346bb5a7c49b276de7233f703ce9cb

https://git.kernel.org/stable/c/0ca6df4f40cf4c32487944aaf48319cb6c25accc

https://git.kernel.org/stable/c/7f61da79df86fd140c7768e668ad846bfa7ec8e1

https://git.kernel.org/stable/c/d62ba16563a86aae052f96d270b3b6f78fca154c

https://git.kernel.org/stable/c/e6356499fd216ed6343ae0363f4c9303f02c5034

https://github.com/doyensec/KSMBD-CVE-2025-37947/blob/main/CVE-2025-37947.c

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

https://nvd.nist.gov/vuln/detail/CVE-2025-37947

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37947

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37947

EUVD