CVE-2025-37867
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/05/2025
Last modified:
12/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
RDMA/core: Silence oversized kvmalloc() warning<br />
<br />
syzkaller triggered an oversized kvmalloc() warning.<br />
Silence it by adding __GFP_NOWARN.<br />
<br />
syzkaller log:<br />
WARNING: CPU: 7 PID: 518 at mm/util.c:665 __kvmalloc_node_noprof+0x175/0x180<br />
CPU: 7 UID: 0 PID: 518 Comm: c_repro Not tainted 6.11.0-rc6+ #6<br />
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014<br />
RIP: 0010:__kvmalloc_node_noprof+0x175/0x180<br />
RSP: 0018:ffffc90001e67c10 EFLAGS: 00010246<br />
RAX: 0000000000000100 RBX: 0000000000000400 RCX: ffffffff8149d46b<br />
RDX: 0000000000000000 RSI: ffff8881030fae80 RDI: 0000000000000002<br />
RBP: 000000712c800000 R08: 0000000000000100 R09: 0000000000000000<br />
R10: ffffc90001e67c10 R11: 0030ae0601000000 R12: 0000000000000000<br />
R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000000<br />
FS: 00007fde79159740(0000) GS:ffff88813bdc0000(0000) knlGS:0000000000000000<br />
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
CR2: 0000000020000180 CR3: 0000000105eb4005 CR4: 00000000003706b0<br />
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br />
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br />
Call Trace:<br />
<br />
ib_umem_odp_get+0x1f6/0x390<br />
mlx5_ib_reg_user_mr+0x1e8/0x450<br />
ib_uverbs_reg_mr+0x28b/0x440<br />
ib_uverbs_write+0x7d3/0xa30<br />
vfs_write+0x1ac/0x6c0<br />
ksys_write+0x134/0x170<br />
? __sanitizer_cov_trace_pc+0x1c/0x50<br />
do_syscall_64+0x50/0x110<br />
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4 (including) | 5.10.237 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.181 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.135 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.88 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.25 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.14.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0d81bb58a203ad5f4044dc18cfbc230c194f650a
- https://git.kernel.org/stable/c/6c588e9afbab240c921f936cb676dac72e2e2b66
- https://git.kernel.org/stable/c/791daf8240cedf27af8794038ae1d32ef643bce6
- https://git.kernel.org/stable/c/9a0e6f15029e1a8a21e40f06fd05aa52b7f063de
- https://git.kernel.org/stable/c/ae470d06320dea4002d441784d691f0a26b4322d
- https://git.kernel.org/stable/c/f476eba25fdf70faa7b19a3e0fb00e65c5b53106
- https://git.kernel.org/stable/c/f94ac90ce7bd6f9266ad0d99044ed86e8d1416c1
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html