CVE-2025-37814 — Improper Input Validation in Linux
Severity
5.5 MEDIUM (NVD)
EPSS
0.1%
top 81.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 8
Latest update: Jul 8
Description
In the Linux kernel, the following vulnerability has been resolved:
tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT
This requirement was overeagerly loosened in commit 2f83e38a095f
("tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN"), but as
it turns out,
(1) the logic I implemented there was inconsistent (apologies!),
(2) TIOCL_SELMOUSEREPORT might actually be a small security risk
after all, and
(3) TIOCL_SELMOUSEREPORT is only meant to be used by the mouse
daem…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages (5 packages)
CVEListV5: linux/linux, e46d91ca504d69ae3d09c120b162a238b8013890 — 6f021bc0083b96125fdbed6a60d7b4396c4d6dac (+4)
Patches
🔴 Vulnerability Details (5)
GHSA
GHSA-vjw7-4w34-rrq4: In the Linux kernel, the following vulnerability has been resolved:
tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT
This requireme… (2025-05-08)
OSV
CVE-2025-37814: In the Linux kernel, the following vulnerability has been resolved: tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT This requirement… (2025-05-08)
📋 Vendor Advisories (5)
Debian
CVE-2025-37814: linux - In the Linux kernel, the following vulnerability has been resolved: tty: Requir... (2025)