CVE-2025-37751: Buffer Access with Incorrect Length Value in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 77.93%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 1 | Latest update Jul 8

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/cpu: Avoid running off the end of an AMD erratum table

The NULL array terminator at the end of erratum_1386_microcode was removed during the switch from x86_cpu_desc to x86_cpu_id. This causes readers to run off the end of the array. Replace the NULL.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | linux/linux_kernel | 6.14 | 6.14.3 | +1
Ubuntu | linux/linux_kernel | < 6.14.0-22.22
CVEListV5 | linux/linux | f3f3251526739bb975b97f840c56b3054dba8638 | 1b518f73f1b6f59e083ec33dea22d9a1a275a970 | +2
debian | debian/linux

Patches

🔴 Vulnerability Details (5)

OSV: linux-aws, linux-oracle vulnerabilities (2025-07-08)
OSV: linux-azure vulnerabilities (2025-06-26)
OSV: linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities (2025-06-24)
OSV: CVE-2025-37751: In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Avoid running off the end of an AMD erratum table The NULL array terminat (2025-05-01)
GHSA: GHSA-w8jp-xg39-86rf: In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Avoid running off the end of an AMD erratum table The NULL array termin (2025-05-01)

📋 Vendor Advisories (5)

Ubuntu: Linux kernel vulnerabilities (2025-07-08)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-06-26)
Ubuntu: Linux kernel vulnerabilities (2025-06-24)
Red Hat: kernel: x86/cpu: Avoid running off the end of an AMD erratum table (2025-05-01)
Debian: CVE-2025-37751: linux - In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Av... (2025)