CVE-2025-37791

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37791
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37791.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-37791
Downstream
Published
2025-05-01T14:15:43Z
Modified
2025-05-05T17:00:21Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ethtool: cmiscdb: use correct rpl size in ethtoolcmismodulepoll()

rpl is passed as a pointer to ethtoolcmismodule_poll(), so the correct size of rpl is sizeof(*rpl) which should be just 1 byte. Using the pointer size instead can cause stack corruption:

Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ethtoolcmiswaitforcond+0xf4/0x100 CPU: 72 UID: 0 PID: 4440 Comm: kworker/72:2 Kdump: loaded Tainted: G OE 6.11.0 #24 Tainted: [O]=OOTMODULE, [E]=UNSIGNEDMODULE Hardware name: Dell Inc. PowerEdge R760/04GWWM, BIOS 1.6.6 09/20/2023 Workqueue: events moduleflashfwwork Call Trace: <TASK> panic+0x339/0x360 ? ethtoolcmiswaitforcond+0xf4/0x100 ? _pfxstatussuccess+0x10/0x10 ? _pfxstatusfail+0x10/0x10 _stackchkfail+0x10/0x10 ethtoolcmiswaitforcond+0xf4/0x100 ethtoolcmiscdbexecutecmd+0x1fc/0x330 ? _pfxstatusfail+0x10/0x10 cmiscdbmodulefeaturesget+0x6d/0xd0 ethtoolcmiscdbinit+0x8a/0xd0 ethtoolcmisfwupdate+0x46/0x1d0 moduleflashfwwork+0x17/0xa0 processonework+0x179/0x390 workerthread+0x239/0x340 ? _pfxworkerthread+0x10/0x10 kthread+0xcc/0x100 ? _pfxkthread+0x10/0x10 retfromfork+0x2d/0x50 ? _pfxkthread+0x10/0x10 retfromfork_asm+0x1a/0x30 </TASK>

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}