CVE-2025-37791 — Resource Injection in Linux
Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 84.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 1
Latest update: Dec 11
Description
In the Linux kernel, the following vulnerability has been resolved:
ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()
rpl is passed as a pointer to ethtool_cmis_module_poll(), so the correct
size of rpl is sizeof(*rpl) which should be just 1 byte. Using the
pointer size instead can cause stack corruption:
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ethtool_cmis_wait_for_cond+0xf4/0x100
CPU: 72 UID: 0 PID: 4440 Comm: kworker/72:2 Kdump: loaded…
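The size mix-up described above, as an added user-space illustration (not kernel code and not taken from the patch). `struct reply`, `fake_module_read` and the `poll_*` functions are hypothetical names, and the 16-byte `slot` is a constructed stand-in for the caller's stack, sized so the oversized write stays inside it and can be counted safely.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0xA5

/* Hypothetical 1-byte reply; stands in for the object rpl points to. */
struct reply { uint8_t state; };

/* Hypothetical module read: fills len bytes at dst, as a page read would. */
static void fake_module_read(unsigned char *dst, size_t len)
{
    memset(dst, 0x11, len);
}

/* Before the fix: length is the size of the pointer parameter itself. */
static void poll_buggy(struct reply *rpl)
{
    fake_module_read((unsigned char *)rpl, sizeof(rpl));
}

/* After the fix: length is the size of the object pointed to (1 byte). */
static void poll_fixed(struct reply *rpl)
{
    fake_module_read((unsigned char *)rpl, sizeof(*rpl));
}

/* Constructed stand-in for the caller's stack: byte 0 holds the reply, the
 * rest are canary bytes. Returns how many canary bytes the poll overwrote. */
static size_t guard_bytes_clobbered(void (*poll)(struct reply *))
{
    unsigned char slot[16];
    size_t i, hit = 0;

    memset(slot, CANARY, sizeof(slot));
    poll((struct reply *)slot);
    for (i = sizeof(struct reply); i < sizeof(slot); i++)
        hit += (slot[i] != CANARY);
    return hit;
}

int main(void)
{
    printf("buggy: %zu guard bytes overwritten\n", guard_bytes_clobbered(poll_buggy));
    printf("fixed: %zu guard bytes overwritten\n", guard_bytes_clobbered(poll_fixed));
    return 0;
}
```

The buggy variant overwrites one byte fewer than the platform's pointer size (7 on a 64-bit build); in a real stack frame those bytes belong to neighbouring locals or the stack-protector canary, which matches the panic quoted above.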
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 5 packages
CVEListV5: linux/linux, a39c84d796254e6b1662ca0c46dbc313379e9291 — 61765e1b417a23371c3735e3cddf4ad9354ed2e9 (+3)
Patches
Vulnerability Details (5)
GHSA
GHSA-4jf5-7pvp-xf23 (2025-05-01): In the Linux kernel, the following vulnerability has been resolved: ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() rpl is pas…
OSV
CVE-2025-37791 (2025-05-01): In the Linux kernel, the following vulnerability has been resolved: ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() rpl is passe…
Vendor Advisories (5)
Debian
CVE-2025-37791 (2025): linux - In the Linux kernel, the following vulnerability has been resolved: ethtool: cm...
Research Papers (1)
arXiv
From Lab to Reality: A Practical Evaluation of Deep Learning Models and LLMs for Vulnerability Detection (2025-12-11)