CVE-2025-37879 — Out-of-bounds Read in Linux

CWE-125 — Out-of-bounds Read CWE-681 — Incorrect Conversion between Numeric Types42 documents7 sources

Severity

7.1HIGHNVD

OSV3.2

EPSS

0.1%

top 82.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +7 more

Timeline

PublishedMay 9

Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written (negative) 3)

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages11 packages

▶NVDlinux/linux_kernel6.2 — 6.6.89+3

▶Debianlinux/linux_kernel< 6.1.137-1+2

▶Ubuntulinux/linux_kernel< 6.8.0-100.100+1

▶msrcmsrc/azl3_kernel_6.6.85.1-4_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.92.2-1_on_azure_linux_3.0

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-azure-6.8 vulnerabilities↗2026-03-25

▶

OSV

linux-azure-fips vulnerabilities↗2026-03-04

▶

OSV

linux-azure vulnerabilities↗2026-03-04

▶

OSV

linux-ibm, linux-ibm-6.8 vulnerabilities↗2026-02-24

▶

OSV

linux-xilinx vulnerabilities↗2026-02-24

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-04

▶

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-03-04

▶

Ubuntu

Linux kernel (Xilinx) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (IBM) vulnerabilities↗2026-02-24

▶

External resources

NVD MITRE

Affected products10

Debian Linuxfixed in linux 6.1.137-1 (bookworm)

Debian Linuxv11.0

Debian Linux-6.1fixed in linux 6.1.137-1 (bookworm)

Linux≥ 070b3656cf228eaaef7b28b59264c5c7cdbdd0fb, < 468ff4a7c61fb811c596a7c44b6a5455e40fd12b≥ 070b3656cf228eaaef7b28b59264c5c7cdbdd0fb, < a68768e280b7d0c967ea509e791bb9b90adc94a5≥ 070b3656cf228eaaef7b28b59264c5c7cdbdd0fb, < c548f95688e2b5ae0e2ae43d53cf717156c7d034+3 more

Linux Kernel≥ 0, < 6.1.137-1≥ 0, < 6.12.27-1fixed in 6.1.136+5 more

Msrc Azl3 Kernel 6.6.85.1-4 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.92.2-1 ON Azure Linux 3.0

Msrc Cbl2 Kernel 5.15.186.1-1 ON CBL Mariner 2.0

Msrc Cbl2 Kernel 5.15.200.1-1 ON CBL Mariner 2.0

Msrc Cbl2 Kernel 5.15.202.1-1 ON CBL Mariner 2.0

Disclosure

PublishedMay 9, 2025

Latest updateMar 25, 2026