Buffer Size Overflow Vulnerability in Linux Kernel Affecting UdmaBuf Functionality
CVE-2025-37803

7.8HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
8 May 2025

What is CVE-2025-37803?

A buffer size overflow vulnerability has been identified in the Linux kernel affecting the udmabuf functionality. This issue arises during the creation of udmabuf due to a failure to properly handle size_limits, which can lead to memory allocation errors. The vulnerability has been addressed by ensuring that size_limit_mb is correctly cast to a 64-bit integer (u64) while calculating pglimit. Users are advised to apply the available patches to enhance the security of their systems and prevent exploitation.

Affected Version(s)

Linux fbb0de795078190a9834b3409e4b009cfb18a6d4

Linux fbb0de795078190a9834b3409e4b009cfb18a6d4 < 13fe12c037b470321436deec393030c6153cfeb9

Linux fbb0de795078190a9834b3409e4b009cfb18a6d4 < 373512760e13fdaa726faa9502d0f5be2abb3d33

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-37803 : Buffer Size Overflow Vulnerability in Linux Kernel Affecting UdmaBuf Functionality