Linux Kernel Driver Vulnerability in PDS_CORE Command Handling
CVE-2025-37887

Currently unrated

Key Information:

Vendor: Linux
Status
Vendor
CVE Published: 9 May 2025

Summary

The Linux kernel's handling of the PDS_CORE_CMD_FW_CONTROL command can lead to unexpected behavior. When this command is unsupported, running 'devlink dev info' may print garbage values or crash the system entirely. The cause is uninitialized stack variables, which lead to unsafe memory access beyond the defined array bounds. The fix initializes the affected structures properly and improves error handling, so that valuable diagnostic information remains accessible even when command execution fails.

Affected Version(s)

Linux 45d76f492938cdc27ddadc16e1e75103f4cfbf56

Linux 45d76f492938cdc27ddadc16e1e75103f4cfbf56 < 6702f5c6b22deaa95bf84f526148174a160a02cb

Linux 45d76f492938cdc27ddadc16e1e75103f4cfbf56 < 12a4651a80dbe4589a84e26785fbbe1ed4d043b7
