{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-37851", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.955Z", "datePublished": "2025-05-09T06:41:58.466Z", "dateUpdated": "2025-11-03T19:56:27.631Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-26T05:22:17.231Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: Add 'plane' value check\n\nFunction dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB\nof the enum parameter plane.\n\nThe value of this parameter is initialized in dss_init_overlays and in the\ncurrent state of the code it cannot take this value so it's not a real\nproblem.\n\nFor the purposes of defensive coding it wouldn't be superfluous to check\nthe parameter value, because some functions down the call stack process\nthis value correctly and some not.\n\nFor example, in dispc_ovl_setup_global_alpha it may lead to buffer\noverflow.\n\nAdd check for this value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/video/fbdev/omap2/omapfb/dss/dispc.c"], "versions": [{"version": "559d67018950ced65c73358cd69c4bdd2b0c5dd6", "lessThan": "a570efb4d877adbf3db2dc95487f2ba6bfdd148a", "status": "affected", "versionType": "git"}, {"version": "559d67018950ced65c73358cd69c4bdd2b0c5dd6", "lessThan": "cdf41d72e8b015d9ea68f5a1c0a79624e7c312aa", "status": "affected", "versionType": "git"}, {"version": "559d67018950ced65c73358cd69c4bdd2b0c5dd6", "lessThan": "09dbf22fd68c2f1a81ab89670ffa1ec3033436c4", "status": "affected", "versionType": "git"}, {"version": "559d67018950ced65c73358cd69c4bdd2b0c5dd6", "lessThan": "660a53a0694d1f3789802509fe729dd4656fc5e0", "status": "affected", "versionType": "git"}, {"version": "559d67018950ced65c73358cd69c4bdd2b0c5dd6", "lessThan": "fda15c5b96b883d62fb2d84a3a1422aa87717897", "status": "affected", "versionType": "git"}, {"version": "559d67018950ced65c73358cd69c4bdd2b0c5dd6", "lessThan": "52eafaa56f8f6d6a0cdff9282b25b4acbde34edc", "status": "affected", "versionType": "git"}, {"version": "559d67018950ced65c73358cd69c4bdd2b0c5dd6", "lessThan": "9b0a41589ee70529b20e1e0108d03f10c649bdc4", "status": "affected", "versionType": "git"}, {"version": "559d67018950ced65c73358cd69c4bdd2b0c5dd6", "lessThan": "4efd8ef5e40f2c7a4a91a5a9f03140bfa827da89", "status": "affected", "versionType": "git"}, {"version": "559d67018950ced65c73358cd69c4bdd2b0c5dd6", "lessThan": "3e411827f31db7f938a30a3c7a7599839401ec30", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/video/fbdev/omap2/omapfb/dss/dispc.c"], "versions": [{"version": "2.6.33", "status": "affected"}, {"version": "0", "lessThan": "2.6.33", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.293", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.237", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.181", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.135", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.88", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.24", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.12", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14.3", "lessThanOrEqual": "6.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.33", "versionEndExcluding": "5.4.293"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.33", "versionEndExcluding": "5.10.237"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.33", "versionEndExcluding": "5.15.181"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.33", "versionEndExcluding": "6.1.135"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.33", "versionEndExcluding": "6.6.88"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.33", "versionEndExcluding": "6.12.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.33", "versionEndExcluding": "6.13.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.33", "versionEndExcluding": "6.14.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.33", "versionEndExcluding": "6.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a570efb4d877adbf3db2dc95487f2ba6bfdd148a"}, {"url": "https://git.kernel.org/stable/c/cdf41d72e8b015d9ea68f5a1c0a79624e7c312aa"}, {"url": "https://git.kernel.org/stable/c/09dbf22fd68c2f1a81ab89670ffa1ec3033436c4"}, {"url": "https://git.kernel.org/stable/c/660a53a0694d1f3789802509fe729dd4656fc5e0"}, {"url": "https://git.kernel.org/stable/c/fda15c5b96b883d62fb2d84a3a1422aa87717897"}, {"url": "https://git.kernel.org/stable/c/52eafaa56f8f6d6a0cdff9282b25b4acbde34edc"}, {"url": "https://git.kernel.org/stable/c/9b0a41589ee70529b20e1e0108d03f10c649bdc4"}, {"url": "https://git.kernel.org/stable/c/4efd8ef5e40f2c7a4a91a5a9f03140bfa827da89"}, {"url": "https://git.kernel.org/stable/c/3e411827f31db7f938a30a3c7a7599839401ec30"}], "title": "fbdev: omapfb: Add 'plane' value check", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:56:27.631Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "27FB98F5-D1A3-4A4D-8488-F5009EF8ACD5", "versionEndExcluding": "5.4.293", "versionStartIncluding": "2.6.33", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0710B81E-E2FA-4E15-8F68-D297EBB4D50D", "versionEndExcluding": "5.10.237", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "12331C9E-F601-4EFC-899E-369F98DCC70B", "versionEndExcluding": "5.15.181", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B9ACE29-7445-4B6F-B761-6367C005E275", "versionEndExcluding": "6.1.135", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E5947E5-45E3-462A-829B-382B3B1C61BD", "versionEndExcluding": "6.6.88", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D35A8A8-F3EC-45E6-AD37-1F154B27529D", "versionEndExcluding": "6.12.24", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A475784-BF3B-4514-81EE-49C8522FB24A", "versionEndExcluding": "6.13.12", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "483E2E15-2135-4EC6-AB64-16282C5EF704", "versionEndExcluding": "6.14.3", "versionStartIncluding": "6.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: Add 'plane' value check\n\nFunction dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB\nof the enum parameter plane.\n\nThe value of this parameter is initialized in dss_init_overlays and in the\ncurrent state of the code it cannot take this value so it's not a real\nproblem.\n\nFor the purposes of defensive coding it wouldn't be superfluous to check\nthe parameter value, because some functions down the call stack process\nthis value correctly and some not.\n\nFor example, in dispc_ovl_setup_global_alpha it may lead to buffer\noverflow.\n\nAdd check for this value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: omapfb: A\u00f1adir comprobaci\u00f3n del valor \"plane\". La funci\u00f3n dispc_ovl_setup no est\u00e1 dise\u00f1ada para funcionar con el valor OMAP_DSS_WB del par\u00e1metro de enumeraci\u00f3n \"plane\". Este valor se inicializa en dss_init_overlays y, en el estado actual del c\u00f3digo, no puede tomar este valor, por lo que no supone un problema real. Para fines de codificaci\u00f3n defensiva, no ser\u00eda superfluo comprobar el valor del par\u00e1metro, ya que algunas funciones en la pila de llamadas procesan este valor correctamente y otras no. Por ejemplo, en dispc_ovl_setup_global_alpha, puede provocar un desbordamiento de b\u00fafer. A\u00f1adir comprobaci\u00f3n para este valor. Encontrado por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con la herramienta de an\u00e1lisis est\u00e1tico SVACE."}], "id": "CVE-2025-37851", "lastModified": "2025-11-17T12:52:55.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-05-09T07:16:06.003", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/09dbf22fd68c2f1a81ab89670ffa1ec3033436c4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3e411827f31db7f938a30a3c7a7599839401ec30"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4efd8ef5e40f2c7a4a91a5a9f03140bfa827da89"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/52eafaa56f8f6d6a0cdff9282b25b4acbde34edc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/660a53a0694d1f3789802509fe729dd4656fc5e0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9b0a41589ee70529b20e1e0108d03f10c649bdc4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a570efb4d877adbf3db2dc95487f2ba6bfdd148a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cdf41d72e8b015d9ea68f5a1c0a79624e7c312aa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fda15c5b96b883d62fb2d84a3a1422aa87717897"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: fbdev: omapfb: Add 'plane' value check", "id": "2365275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365275"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfbdev: omapfb: Add 'plane' value check\nFunction dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB\nof the enum parameter plane.\nThe value of this parameter is initialized in dss_init_overlays and in the\ncurrent state of the code it cannot take this value so it's not a real\nproblem.\nFor the purposes of defensive coding it wouldn't be superfluous to check\nthe parameter value, because some functions down the call stack process\nthis value correctly and some not.\nFor example, in dispc_ovl_setup_global_alpha it may lead to buffer\noverflow.\nAdd check for this value.\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool."], "name": "CVE-2025-37851", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-37851\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-37851\nhttps://lore.kernel.org/linux-cve-announce/2025050919-CVE-2025-37851-2597@gregkh/T"], "threat_severity": "Moderate"}