Vulnerability in Linux Kernel's MTD Subsystem Impacting Error Handling Processes
CVE-2025-37892
What is CVE-2025-37892?
The INFTL_findwriteunit() function in the Linux kernel's MTD subsystem does not check the return value of inftl_read_oob(). As a result, a failed read leaves an error condition unhandled, potentially causing the system to behave unexpectedly. INFTL_deleteblock() shows how this error should be handled. The fix sets the status to SECTOR_IGNORE when inftl_read_oob() fails, so the function exits the processing loop appropriately and avoids further complications.
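The pattern described above, as an added user-space model in C (not the kernel's code and not part of the original advisory). It contrasts ignoring the read's return value with mapping a failed read to SECTOR_IGNORE. `model_read_oob()`, `struct model_bci`, `find_write_block()`, the status values and the three-block flash image are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Status codes for this model; the values are constructed for the example. */
enum { SECTOR_DELETED = 0x00, SECTOR_IGNORE = 0x11,
       SECTOR_USED = 0x55, SECTOR_FREE = 0xff };

struct model_bci { unsigned char Status, Status1; };

#define NBLOCKS 3
/* Constructed flash image: block 0 cannot be read, 1 is used, 2 is free. */
static const int oob_readable[NBLOCKS] = { 0, 1, 1 };
static const unsigned char oob_status[NBLOCKS] = { 0, SECTOR_USED, SECTOR_FREE };

/* Stand-in for inftl_read_oob(): on error it returns -EIO and leaves
 * *bci untouched, so the caller's buffer keeps whatever it held before. */
static int model_read_oob(int block, struct model_bci *bci)
{
    if (!oob_readable[block])
        return -EIO;
    bci->Status = bci->Status1 = oob_status[block];
    return 0;
}

/* Return the first block judged free, or -1 if none is.
 * check_ret == 0 reproduces the unchecked call, 1 the checked one. */
static int find_write_block(int check_ret)
{
    /* The 0xff fill stands in for indeterminate stack contents. */
    struct model_bci bci = { 0xff, 0xff };
    for (int block = 0; block < NBLOCKS; block++) {
        int status;
        int ret = model_read_oob(block, &bci);
        if (check_ret && ret < 0)
            status = SECTOR_IGNORE;            /* failed read: skip this block */
        else
            status = bci.Status | bci.Status1; /* stale data if the read failed */
        if (status == SECTOR_FREE)
            return block;
    }
    return -1;
}

int main(void)
{
    printf("unchecked picks block %d\n", find_write_block(0));
    printf("checked picks block %d\n", find_write_block(1));
    return 0;
}
```

In the unchecked run the unreadable block is selected because the status is computed from a buffer the failed read never filled; the checked run skips it and selects the block whose status was actually read.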
Affected Version(s)
Linux 8593fbc68b0df1168995de76d1af38eb62fd6b62
Linux 8593fbc68b0df1168995de76d1af38eb62fd6b62 < 0300e751170cf80c05ca1a762a7b449e8ca6b693