Buffer Size Overflow Vulnerability in Linux Kernel Affecting UdmaBuf Functionality
CVE-2025-37803

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 May 2025

What is CVE-2025-37803?

A buffer size overflow vulnerability has been identified in the Linux kernel affecting the udmabuf functionality. This issue arises during the creation of udmabuf due to a failure to properly handle size_limits, which can lead to memory allocation errors. The vulnerability has been addressed by ensuring that size_limit_mb is correctly cast to a 64-bit integer (u64) while calculating pglimit. Users are advised to apply the available patches to enhance the security of their systems and prevent exploitation.

Affected Version(s)

Linux fbb0de795078190a9834b3409e4b009cfb18a6d4

Linux fbb0de795078190a9834b3409e4b009cfb18a6d4 < 13fe12c037b470321436deec393030c6153cfeb9

Linux fbb0de795078190a9834b3409e4b009cfb18a6d4 < 373512760e13fdaa726faa9502d0f5be2abb3d33

References

https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def4...

https://git.kernel.org/stable/c/13fe12c037b470321436deec3...

https://git.kernel.org/stable/c/373512760e13fdaa726faa950...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2025
Vulnerability Reserved
Apr 16, 2025