certfr_avis - certfr-2025-avi-0480

CERTFR-2025-AVI-0480

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un déni de service et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Red Hat	N/A	Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat	N/A	Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
Red Hat	N/A	Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
Red Hat	N/A	Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat	N/A	Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat	N/A	Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64
Red Hat	N/A	Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
Red Hat	N/A	Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
Red Hat	N/A	Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
Red Hat	N/A	Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat	N/A	Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat	N/A	Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat	N/A	Red Hat CodeReady Linux Builder for x86_64 10 x86_64
Red Hat	N/A	Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
Red Hat	N/A	Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat	N/A	Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
Red Hat	N/A	Red Hat Enterprise Linux for ARM 64 10 aarch64
Red Hat	N/A	Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat	N/A	Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat	N/A	Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat RHSA-2025:8374

2025-06-02

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux for x86_64 10 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for ARM 64 10 aarch64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Power, little endian 10 ppc64le",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for x86_64 10 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for ARM 64 10 aarch64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for IBM z Systems 10 s390x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-37785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
    },
    {
      "name": "CVE-2025-21919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
    },
    {
      "name": "CVE-2025-21964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
    }
  ],
  "initial_release_date": "2025-06-06T00:00:00",
  "last_revision_date": "2025-06-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0480",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Red Hat. Elles  permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de service et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
  "vendor_advisories": [
    {
      "published_at": "2025-06-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2025:8374",
      "url": "https://access.redhat.com/errata/RHSA-2025:8374"
    }
  ]
}

CVE-2025-21919 (GCVE-0-2025-21919)

Vulnerability from cvelistv5

Published

2025-04-01 15:40

Modified

2025-10-01 19:26

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, making the conversion invalid and potentially leading to memory corruption. Depending on the relative positions of leaf_cfs_rq_list and the task group (tg) pointer within the struct, this can cause a memory fault or access garbage data. The issue arises in list_add_leaf_cfs_rq, where both cfs_rq->leaf_cfs_rq_list and rq->leaf_cfs_rq_list are added to the same leaf list. Also, rq->tmp_alone_branch can be set to rq->leaf_cfs_rq_list. This adds a check `if (prev == &rq->leaf_cfs_rq_list)` after the main conditional in child_cfs_rq_on_list. This ensures that the container_of operation will convert a correct cfs_rq struct. This check is sufficient because only cfs_rqs on the same CPU are added to the list, so verifying the 'prev' pointer against the current rq's list head is enough. Fixes a potential memory corruption issue that due to current struct layout might not be manifesting as a crash but could lead to unpredictable behavior when the layout changes.

References

URL

Tags

	https://git.kernel.org/stable/c/5cb300dcdd27e6a351ac02541e0231261c775852
	https://git.kernel.org/stable/c/000c9ee43928f2ce68a156dd40bab7616256f4dd
	https://git.kernel.org/stable/c/9cc7f0018609f75a349e42e3aebc3b0e905ba775
	https://git.kernel.org/stable/c/b5741e4b9ef3567613b2351384f91d3f16e59986
	https://git.kernel.org/stable/c/e1dd09df30ba86716cb2ffab97dc35195c01eb8f
	https://git.kernel.org/stable/c/3b4035ddbfc8e4521f85569998a7569668cccf51

Impacted products

Vendor

Product

Version

Linux

Version: fdaba61ef8a268d4136d0a113d153f7a89eb9984
Version: fdaba61ef8a268d4136d0a113d153f7a89eb9984
Version: fdaba61ef8a268d4136d0a113d153f7a89eb9984
Version: fdaba61ef8a268d4136d0a113d153f7a89eb9984
Version: fdaba61ef8a268d4136d0a113d153f7a89eb9984
Version: fdaba61ef8a268d4136d0a113d153f7a89eb9984

Linux

Version: 5.13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21919",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:23:59.713530Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:26:33.844Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/sched/fair.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5cb300dcdd27e6a351ac02541e0231261c775852",
              "status": "affected",
              "version": "fdaba61ef8a268d4136d0a113d153f7a89eb9984",
              "versionType": "git"
            },
            {
              "lessThan": "000c9ee43928f2ce68a156dd40bab7616256f4dd",
              "status": "affected",
              "version": "fdaba61ef8a268d4136d0a113d153f7a89eb9984",
              "versionType": "git"
            },
            {
              "lessThan": "9cc7f0018609f75a349e42e3aebc3b0e905ba775",
              "status": "affected",
              "version": "fdaba61ef8a268d4136d0a113d153f7a89eb9984",
              "versionType": "git"
            },
            {
              "lessThan": "b5741e4b9ef3567613b2351384f91d3f16e59986",
              "status": "affected",
              "version": "fdaba61ef8a268d4136d0a113d153f7a89eb9984",
              "versionType": "git"
            },
            {
              "lessThan": "e1dd09df30ba86716cb2ffab97dc35195c01eb8f",
              "status": "affected",
              "version": "fdaba61ef8a268d4136d0a113d153f7a89eb9984",
              "versionType": "git"
            },
            {
              "lessThan": "3b4035ddbfc8e4521f85569998a7569668cccf51",
              "status": "affected",
              "version": "fdaba61ef8a268d4136d0a113d153f7a89eb9984",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/sched/fair.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.131",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.131",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.83",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.19",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.7",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Fix potential memory corruption in child_cfs_rq_on_list\n\nchild_cfs_rq_on_list attempts to convert a \u0027prev\u0027 pointer to a cfs_rq.\nThis \u0027prev\u0027 pointer can originate from struct rq\u0027s leaf_cfs_rq_list,\nmaking the conversion invalid and potentially leading to memory\ncorruption. Depending on the relative positions of leaf_cfs_rq_list and\nthe task group (tg) pointer within the struct, this can cause a memory\nfault or access garbage data.\n\nThe issue arises in list_add_leaf_cfs_rq, where both\ncfs_rq-\u003eleaf_cfs_rq_list and rq-\u003eleaf_cfs_rq_list are added to the same\nleaf list. Also, rq-\u003etmp_alone_branch can be set to rq-\u003eleaf_cfs_rq_list.\n\nThis adds a check `if (prev == \u0026rq-\u003eleaf_cfs_rq_list)` after the main\nconditional in child_cfs_rq_on_list. This ensures that the container_of\noperation will convert a correct cfs_rq struct.\n\nThis check is sufficient because only cfs_rqs on the same CPU are added\nto the list, so verifying the \u0027prev\u0027 pointer against the current rq\u0027s list\nhead is enough.\n\nFixes a potential memory corruption issue that due to current struct\nlayout might not be manifesting as a crash but could lead to unpredictable\nbehavior when the layout changes."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:24:33.615Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5cb300dcdd27e6a351ac02541e0231261c775852"
        },
        {
          "url": "https://git.kernel.org/stable/c/000c9ee43928f2ce68a156dd40bab7616256f4dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/9cc7f0018609f75a349e42e3aebc3b0e905ba775"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5741e4b9ef3567613b2351384f91d3f16e59986"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1dd09df30ba86716cb2ffab97dc35195c01eb8f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b4035ddbfc8e4521f85569998a7569668cccf51"
        }
      ],
      "title": "sched/fair: Fix potential memory corruption in child_cfs_rq_on_list",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21919",
    "datePublished": "2025-04-01T15:40:54.075Z",
    "dateReserved": "2024-12-29T08:45:45.787Z",
    "dateUpdated": "2025-10-01T19:26:33.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-21964 (GCVE-0-2025-21964)

Vulnerability from cvelistv5

Published

2025-04-01 15:47

Modified

2025-10-01 19:26

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

URL

Tags

	https://git.kernel.org/stable/c/a13351624a6af8d91398860b8c9d4cf6c8e63de5
	https://git.kernel.org/stable/c/dd190168e60ac15408f074a1fe0ce36aff34027b
	https://git.kernel.org/stable/c/0252c33cc943e9e48ddfafaa6b1eb72adb68a099
	https://git.kernel.org/stable/c/833f2903eb8b70faca7967319e580e9ce69729fc
	https://git.kernel.org/stable/c/5f500874ab9b3cc8c169c2ab49f00b838520b9c5
	https://git.kernel.org/stable/c/7489161b1852390b4413d57f2457cd40b34da6cc

Impacted products

Vendor

Product

Version

Linux

Version: 5780464614f6abe6026f00cf5a0777aa453ba450
Version: 5780464614f6abe6026f00cf5a0777aa453ba450
Version: 5780464614f6abe6026f00cf5a0777aa453ba450
Version: 5780464614f6abe6026f00cf5a0777aa453ba450
Version: 5780464614f6abe6026f00cf5a0777aa453ba450
Version: 5780464614f6abe6026f00cf5a0777aa453ba450

Linux

Version: 5.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21964",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:20:39.076942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:26:31.943Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/fs_context.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a13351624a6af8d91398860b8c9d4cf6c8e63de5",
              "status": "affected",
              "version": "5780464614f6abe6026f00cf5a0777aa453ba450",
              "versionType": "git"
            },
            {
              "lessThan": "dd190168e60ac15408f074a1fe0ce36aff34027b",
              "status": "affected",
              "version": "5780464614f6abe6026f00cf5a0777aa453ba450",
              "versionType": "git"
            },
            {
              "lessThan": "0252c33cc943e9e48ddfafaa6b1eb72adb68a099",
              "status": "affected",
              "version": "5780464614f6abe6026f00cf5a0777aa453ba450",
              "versionType": "git"
            },
            {
              "lessThan": "833f2903eb8b70faca7967319e580e9ce69729fc",
              "status": "affected",
              "version": "5780464614f6abe6026f00cf5a0777aa453ba450",
              "versionType": "git"
            },
            {
              "lessThan": "5f500874ab9b3cc8c169c2ab49f00b838520b9c5",
              "status": "affected",
              "version": "5780464614f6abe6026f00cf5a0777aa453ba450",
              "versionType": "git"
            },
            {
              "lessThan": "7489161b1852390b4413d57f2457cd40b34da6cc",
              "status": "affected",
              "version": "5780464614f6abe6026f00cf5a0777aa453ba450",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/fs_context.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.132",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.180",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.132",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.84",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.20",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.8",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing acregmax mount option\n\nUser-provided mount parameter acregmax of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:25:54.113Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a13351624a6af8d91398860b8c9d4cf6c8e63de5"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd190168e60ac15408f074a1fe0ce36aff34027b"
        },
        {
          "url": "https://git.kernel.org/stable/c/0252c33cc943e9e48ddfafaa6b1eb72adb68a099"
        },
        {
          "url": "https://git.kernel.org/stable/c/833f2903eb8b70faca7967319e580e9ce69729fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f500874ab9b3cc8c169c2ab49f00b838520b9c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/7489161b1852390b4413d57f2457cd40b34da6cc"
        }
      ],
      "title": "cifs: Fix integer overflow while processing acregmax mount option",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21964",
    "datePublished": "2025-04-01T15:47:00.594Z",
    "dateReserved": "2024-12-29T08:45:45.795Z",
    "dateUpdated": "2025-10-01T19:26:31.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-37785 (GCVE-0-2025-37785)

Vulnerability from cvelistv5

Published

2025-04-18 07:01

Modified

2025-05-26 05:20

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later on, when the corrupted directory is removed). ext4_empty_dir() assumes every ext4 directory contains at least '.' and '..' as directory entries in the first data block. It first loads the '.' dir entry, performs sanity checks by calling ext4_check_dir_entry() and then uses its rec_len member to compute the location of '..' dir entry (in ext4_next_entry). It assumes the '..' dir entry fits into the same data block. If the rec_len of '.' is precisely one block (4KB), it slips through the sanity checks (it is considered the last directory entry in the data block) and leaves "struct ext4_dir_entry_2 *de" point exactly past the memory slot allocated to the data block. The following call to ext4_check_dir_entry() on new value of de then dereferences this pointer which results in out-of-bounds mem access. Fix this by extending __ext4_check_dir_entry() to check for '.' dir entries that reach the end of data block. Make sure to ignore the phony dir entries for checksum (by checking name_len for non-zero). Note: This is reported by KASAN as use-after-free in case another structure was recently freed from the slot past the bound, but it is really an OOB read. This issue was found by syzkaller tool. Call Trace: [ 38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710 [ 38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375 [ 38.595158] [ 38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1 [ 38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 38.595304] Call Trace: [ 38.595308] <TASK> [ 38.595311] dump_stack_lvl+0xa7/0xd0 [ 38.595325] print_address_description.constprop.0+0x2c/0x3f0 [ 38.595339] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595349] print_report+0xaa/0x250 [ 38.595359] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595368] ? kasan_addr_to_slab+0x9/0x90 [ 38.595378] kasan_report+0xab/0xe0 [ 38.595389] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595400] __ext4_check_dir_entry+0x67e/0x710 [ 38.595410] ext4_empty_dir+0x465/0x990 [ 38.595421] ? __pfx_ext4_empty_dir+0x10/0x10 [ 38.595432] ext4_rmdir.part.0+0x29a/0xd10 [ 38.595441] ? __dquot_initialize+0x2a7/0xbf0 [ 38.595455] ? __pfx_ext4_rmdir.part.0+0x10/0x10 [ 38.595464] ? __pfx___dquot_initialize+0x10/0x10 [ 38.595478] ? down_write+0xdb/0x140 [ 38.595487] ? __pfx_down_write+0x10/0x10 [ 38.595497] ext4_rmdir+0xee/0x140 [ 38.595506] vfs_rmdir+0x209/0x670 [ 38.595517] ? lookup_one_qstr_excl+0x3b/0x190 [ 38.595529] do_rmdir+0x363/0x3c0 [ 38.595537] ? __pfx_do_rmdir+0x10/0x10 [ 38.595544] ? strncpy_from_user+0x1ff/0x2e0 [ 38.595561] __x64_sys_unlinkat+0xf0/0x130 [ 38.595570] do_syscall_64+0x5b/0x180 [ 38.595583] entry_SYSCALL_64_after_hwframe+0x76/0x7e

References

URL

Tags

	https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351
	https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4
	https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b
	https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93
	https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842
	https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78
	https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b
	https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00
	https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353

Impacted products

Vendor

Product

Version

Linux

Version: ac27a0ec112a089f1a5102bc8dffc79c8c815571
Version: ac27a0ec112a089f1a5102bc8dffc79c8c815571
Version: ac27a0ec112a089f1a5102bc8dffc79c8c815571
Version: ac27a0ec112a089f1a5102bc8dffc79c8c815571
Version: ac27a0ec112a089f1a5102bc8dffc79c8c815571
Version: ac27a0ec112a089f1a5102bc8dffc79c8c815571
Version: ac27a0ec112a089f1a5102bc8dffc79c8c815571
Version: ac27a0ec112a089f1a5102bc8dffc79c8c815571
Version: ac27a0ec112a089f1a5102bc8dffc79c8c815571

Linux

Version: 2.6.19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "14da7dbecb430e35b5889da8dae7bef33173b351",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            },
            {
              "lessThan": "e47f472a664d70a3d104a6c2a035cdff55a719b4",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            },
            {
              "lessThan": "b7531a4f99c3887439d778afaf418d1a01a5f01b",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            },
            {
              "lessThan": "89503e5eae64637d0fa2218912b54660effe7d93",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            },
            {
              "lessThan": "52a5509ab19a5d3afe301165d9b5787bba34d842",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            },
            {
              "lessThan": "b47584c556444cf7acb66b26a62cbc348eb92b78",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            },
            {
              "lessThan": "ac28c5684c1cdab650a7e5065b19e91577d37a4b",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            },
            {
              "lessThan": "53bc45da8d8da92ec07877f5922b130562eb4b00",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            },
            {
              "lessThan": "d5e206778e96e8667d3bde695ad372c296dc9353",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.19"
            },
            {
              "lessThan": "2.6.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.293",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.236",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.293",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.236",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.180",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.134",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.87",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.23",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.11",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.2",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix OOB read when checking dotdot dir\n\nMounting a corrupted filesystem with directory which contains \u0027.\u0027 dir\nentry with rec_len == block size results in out-of-bounds read (later\non, when the corrupted directory is removed).\n\next4_empty_dir() assumes every ext4 directory contains at least \u0027.\u0027\nand \u0027..\u0027 as directory entries in the first data block. It first loads\nthe \u0027.\u0027 dir entry, performs sanity checks by calling ext4_check_dir_entry()\nand then uses its rec_len member to compute the location of \u0027..\u0027 dir\nentry (in ext4_next_entry). It assumes the \u0027..\u0027 dir entry fits into the\nsame data block.\n\nIf the rec_len of \u0027.\u0027 is precisely one block (4KB), it slips through the\nsanity checks (it is considered the last directory entry in the data\nblock) and leaves \"struct ext4_dir_entry_2 *de\" point exactly past the\nmemory slot allocated to the data block. The following call to\next4_check_dir_entry() on new value of de then dereferences this pointer\nwhich results in out-of-bounds mem access.\n\nFix this by extending __ext4_check_dir_entry() to check for \u0027.\u0027 dir\nentries that reach the end of data block. Make sure to ignore the phony\ndir entries for checksum (by checking name_len for non-zero).\n\nNote: This is reported by KASAN as use-after-free in case another\nstructure was recently freed from the slot past the bound, but it is\nreally an OOB read.\n\nThis issue was found by syzkaller tool.\n\nCall Trace:\n[   38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710\n[   38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375\n[   38.595158]\n[   38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1\n[   38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[   38.595304] Call Trace:\n[   38.595308]  \u003cTASK\u003e\n[   38.595311]  dump_stack_lvl+0xa7/0xd0\n[   38.595325]  print_address_description.constprop.0+0x2c/0x3f0\n[   38.595339]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595349]  print_report+0xaa/0x250\n[   38.595359]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595368]  ? kasan_addr_to_slab+0x9/0x90\n[   38.595378]  kasan_report+0xab/0xe0\n[   38.595389]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595400]  __ext4_check_dir_entry+0x67e/0x710\n[   38.595410]  ext4_empty_dir+0x465/0x990\n[   38.595421]  ? __pfx_ext4_empty_dir+0x10/0x10\n[   38.595432]  ext4_rmdir.part.0+0x29a/0xd10\n[   38.595441]  ? __dquot_initialize+0x2a7/0xbf0\n[   38.595455]  ? __pfx_ext4_rmdir.part.0+0x10/0x10\n[   38.595464]  ? __pfx___dquot_initialize+0x10/0x10\n[   38.595478]  ? down_write+0xdb/0x140\n[   38.595487]  ? __pfx_down_write+0x10/0x10\n[   38.595497]  ext4_rmdir+0xee/0x140\n[   38.595506]  vfs_rmdir+0x209/0x670\n[   38.595517]  ? lookup_one_qstr_excl+0x3b/0x190\n[   38.595529]  do_rmdir+0x363/0x3c0\n[   38.595537]  ? __pfx_do_rmdir+0x10/0x10\n[   38.595544]  ? strncpy_from_user+0x1ff/0x2e0\n[   38.595561]  __x64_sys_unlinkat+0xf0/0x130\n[   38.595570]  do_syscall_64+0x5b/0x180\n[   38.595583]  entry_SYSCALL_64_after_hwframe+0x76/0x7e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:20:50.326Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351"
        },
        {
          "url": "https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b"
        },
        {
          "url": "https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93"
        },
        {
          "url": "https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842"
        },
        {
          "url": "https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b"
        },
        {
          "url": "https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00"
        },
        {
          "url": "https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353"
        }
      ],
      "title": "ext4: fix OOB read when checking dotdot dir",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37785",
    "datePublished": "2025-04-18T07:01:27.393Z",
    "dateReserved": "2025-04-16T04:51:23.940Z",
    "dateUpdated": "2025-05-26T05:20:50.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2025-AVI-0480

Vulnerability from certfr_avis

Solutions

CVE-2025-21919 (GCVE-0-2025-21919)

Vulnerability from cvelistv5

CVE-2025-21964 (GCVE-0-2025-21964)

Vulnerability from cvelistv5

CVE-2025-37785 (GCVE-0-2025-37785)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature