CVE-2025-37782 Affecting kernel-firmware package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RHEL6-KERNELFIRMWARE-9952691
- published2 May 2025
- disclosed1 May 2025
Introduced: 1 May 2025
NewCVE-2025-37782 (opens in a new tab)How to fix?
There is no fixed version for RHEL:6 kernel-firmware.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-firmware package and not the kernel-firmware package as distributed by RHEL.
See How to fix? for RHEL:6 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
Syzbot reported an issue in hfs subsystem:
BUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 Write of size 94 at addr ffff8880123cd100 by task syz-executor237/5102
Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 memcpy_from_page include/linux/highmem.h:423 [inline] hfs_bnode_read fs/hfs/bnode.c:35 [inline] hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159 hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118 hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257 do_mkdirat+0x264/0x3a0 fs/namei.c:4280 __do_sys_mkdir fs/namei.c:4300 [inline] __se_sys_mkdir fs/namei.c:4298 [inline] __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fbdd6057a99
Add a check for key length in hfs_bnode_read_key to prevent out-of-bounds memory access. If the key length is invalid, the key buffer is cleared, improving stability and reliability.
References
- https://access.redhat.com/security/cve/CVE-2025-37782
- https://git.kernel.org/stable/c/0296f9733543c7c8e666e69da743cfffd32dd805
- https://git.kernel.org/stable/c/84e8719c087e68c967975b78e67be54f697c957f
- https://git.kernel.org/stable/c/9c93fb4ad8d3b730afe1a09949ebbea64d4f60eb
- https://git.kernel.org/stable/c/9f77aa584a659b21211a794e53522e6fb16d4a16
- https://git.kernel.org/stable/c/bb5e07cb927724e0b47be371fa081141cfb14414
- https://git.kernel.org/stable/c/8060afd77761eac2048db12fb0510d76ce0cf1f3
- https://git.kernel.org/stable/c/a33c035df01d1e008874607da74bf7cf45152f47
- https://git.kernel.org/stable/c/f6651c04191d49907d40f0891bbe51ef9703c792