CVE-2025-37749
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
01/05/2025
Last modified:
04/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: ppp: Add bound checking for skb data on ppp_sync_txmung<br />
<br />
Ensure we have enough data in linear buffer from skb before accessing<br />
initial bytes. This prevents potential out-of-bounds accesses<br />
when processing short packets.<br />
<br />
When ppp_sync_txmung receives an incoming package with an empty<br />
payload:<br />
(remote) gef➤ p *(struct pppoe_hdr *) (skb->head + skb->network_header)<br />
$18 = {<br />
type = 0x1,<br />
ver = 0x1,<br />
code = 0x0,<br />
sid = 0x2,<br />
length = 0x0,<br />
tag = 0xffff8880371cdb96<br />
}<br />
<br />
from the skb struct (trimmed)<br />
tail = 0x16,<br />
end = 0x140,<br />
head = 0xffff88803346f400 "4",<br />
data = 0xffff88803346f416 ":\377",<br />
truesize = 0x380,<br />
len = 0x0,<br />
data_len = 0x0,<br />
mac_len = 0xe,<br />
hdr_len = 0x0,<br />
<br />
it is not safe to access data[2].<br />
<br />
[pabeni@redhat.com: fixed subj typo]
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.13 (including) | 5.4.293 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.237 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.181 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.135 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.88 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.24 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14 (including) | 6.14.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1f6eb9fa87a781d5370c0de7794ae242f1a95ee5
- https://git.kernel.org/stable/c/529401c8f12ecc35f9ea5d946d5a5596cf172b48
- https://git.kernel.org/stable/c/6e8a6bf43cea4347121ab21bb1ed8d7bef7e732e
- https://git.kernel.org/stable/c/99aa698dec342a07125d733e39aab4394b3b7e05
- https://git.kernel.org/stable/c/aabc6596ffb377c4c9c8f335124b92ea282c9821
- https://git.kernel.org/stable/c/b4c836d33ca888695b2f2665f948bc1b34fbd533
- https://git.kernel.org/stable/c/b78f2b458f56a5a4d976c8e01c43dbf58d3ea2ca
- https://git.kernel.org/stable/c/de5a4f0cba58625e88b7bebd88f780c8c0150997
- https://git.kernel.org/stable/c/fbaffe8bccf148ece8ad67eb5d7aa852cabf59c8
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html