Linux Kernel Integrity Vulnerability Impacting Multiple Protection Buffers
CVE-2025-37978

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 May 2025

What is CVE-2025-37978?

A vulnerability identified in the Linux kernel relates to the improper handling of multiple protection information buffers within the same page. The specific flaw arises from invoking set_page_dirty_lock() in an interrupt context, which can lead to system instability and errors. This issue highlights the need for careful management of page states, especially as protection information buffers do not have an associated file to synchronize page dirtiness. The recent resolution removes the problematic function call, ensuring stable operation by preventing potential oopses in affected systems.

Affected Version(s)

Linux 492c5d455969fc2e829f26ed4c83487b068f0dd7

Linux 492c5d455969fc2e829f26ed4c83487b068f0dd7 < 9487fc1a10b3aa89feb24e7cedeccaaf63074617

Linux 492c5d455969fc2e829f26ed4c83487b068f0dd7 < 39e160505198ff8c158f11bce2ba19809a756e8b

References

https://git.kernel.org/stable/c/c38a005e6efb9ddfa06bd8353...

https://git.kernel.org/stable/c/9487fc1a10b3aa89feb24e7ce...

https://git.kernel.org/stable/c/39e160505198ff8c158f11bce...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2025
Vulnerability Reserved
Apr 16, 2025