Linux Kernel Driver Vulnerability in PDS_CORE Command Handling
CVE-2025-37887

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
9 May 2025

What is CVE-2025-37887?

The vulnerability in the Linux kernel's handling of the PDS_CORE_CMD_FW_CONTROL command can lead to unexpected behavior. When this command is unsupported, the system may output garbage values or crash entirely upon executing the 'devlink dev info' command. This occurs due to uninitialized stack variables, leading to unsafe memory access beyond defined array bounds. The resolution involves proper initialization of the affected structures and enhancing error handling mechanisms, ensuring valuable diagnostic information remains accessible even when command execution fails.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 45d76f492938cdc27ddadc16e1e75103f4cfbf56

Linux 45d76f492938cdc27ddadc16e1e75103f4cfbf56 < 6702f5c6b22deaa95bf84f526148174a160a02cb

Linux 45d76f492938cdc27ddadc16e1e75103f4cfbf56 < 12a4651a80dbe4589a84e26785fbbe1ed4d043b7

References

https://git.kernel.org/stable/c/cdd784c96fe2e5edbf0ed9b3e...
https://git.kernel.org/stable/c/6702f5c6b22deaa95bf84f526...
https://git.kernel.org/stable/c/12a4651a80dbe4589a84e2678...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.