cve/rejected/2025/CVE-2025-37902.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix copying after src array boundaries\n\nThe blammed commit copied to argv the size of the reallocated argv,\ninstead of the size of the old_argv, thus reading and copying from\npast the old_argv allocated memory.\n\nFollowing BUG_ON was hit:\n[    3.038929][    T1] kernel BUG at lib/string_helpers.c:1040!\n[    3.039147][    T1] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP\n...\n[    3.056489][    T1] Call trace:\n[    3.056591][    T1]  __fortify_panic+0x10/0x18 (P)\n[    3.056773][    T1]  dm_split_args+0x20c/0x210\n[    3.056942][    T1]  dm_table_add_target+0x13c/0x360\n[    3.057132][    T1]  table_load+0x110/0x3ac\n[    3.057292][    T1]  dm_ctl_ioctl+0x424/0x56c\n[    3.057457][    T1]  __arm64_sys_ioctl+0xa8/0xec\n[    3.057634][    T1]  invoke_syscall+0x58/0x10c\n[    3.057804][    T1]  el0_svc_common+0xa8/0xdc\n[    3.057970][    T1]  do_el0_svc+0x1c/0x28\n[    3.058123][    T1]  el0_svc+0x50/0xac\n[    3.058266][    T1]  el0t_64_sync_handler+0x60/0xc4\n[    3.058452][    T1]  el0t_64_sync+0x1b0/0x1b4\n[    3.058620][    T1] Code: f800865e a9bf7bfd 910003fd 941f48aa (d4210000)\n[    3.058897][    T1] ---[ end trace 0000000000000000 ]---\n[    3.059083][    T1] Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nFix it by copying the size of src, and not the size of dst, as it was."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/md/dm-table.c"
                ],
                "versions": [
                   {
                      "version": "4df67fb22782e54dcff0803f519d9b7d3a8b3367",
                      "lessThan": "aaa763ab8cecae6308c5ec7f309e1bc3a7ebd29f",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "2dd94484415dde4da0f5c40ff2809d9ef4a01935",
                      "lessThan": "4c4f168b46229d527bda801ef15ad793b069f0ae",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "64e95bb37916ab03dcb7a920276c5a52df8e568b",
                      "lessThan": "ed3248a403740a623c73afd95f88cc37e0cd3ad2",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "510aea4ef0f81e8d06506c85f919b7700ccc60d8",
                      "lessThan": "db62809197658954a67b446c30677bc25baaf9f3",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "0b7c1bf09dce084a3657909110d256f36d9a8a05",
                      "lessThan": "a27cbadb995fa4cca90cefd74332c55c2c26616b",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "5a2a6c428190f945c5cbf5791f72dbea83e97f66",
                      "lessThan": "f1aff4bc199cb92c055668caed65505e3b4d2656",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/md/dm-table.c"
                ],
                "versions": [
                   {
                      "version": "6.15-rc5",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "6.15-rc5",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.15-rc6",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.15-rc5",
                            "versionEndExcluding": "6.15-rc6"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/aaa763ab8cecae6308c5ec7f309e1bc3a7ebd29f"
             },
             {
                "url": "https://git.kernel.org/stable/c/4c4f168b46229d527bda801ef15ad793b069f0ae"
             },
             {
                "url": "https://git.kernel.org/stable/c/ed3248a403740a623c73afd95f88cc37e0cd3ad2"
             },
             {
                "url": "https://git.kernel.org/stable/c/db62809197658954a67b446c30677bc25baaf9f3"
             },
             {
                "url": "https://git.kernel.org/stable/c/a27cbadb995fa4cca90cefd74332c55c2c26616b"
             },
             {
                "url": "https://git.kernel.org/stable/c/f1aff4bc199cb92c055668caed65505e3b4d2656"
             }
          ],
          "title": "dm: fix copying after src array boundaries",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2025-37902",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix copying after src array boundaries\n\nThe blammed commit copied to argv the size of the reallocated argv,\ninstead of the size of the old_argv, thus reading and copying from\npast the old_argv allocated memory.\n\nFollowing BUG_ON was hit:\n[ 3.038929][ T1] kernel BUG at lib/string_helpers.c:1040!\n[ 3.039147][ T1] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n...\n[ 3.056489][ T1] Call trace:\n[ 3.056591][ T1] __fortify_panic+0x10/0x18 (P)\n[ 3.056773][ T1] dm_split_args+0x20c/0x210\n[ 3.056942][ T1] dm_table_add_target+0x13c/0x360\n[ 3.057132][ T1] table_load+0x110/0x3ac\n[ 3.057292][ T1] dm_ctl_ioctl+0x424/0x56c\n[ 3.057457][ T1] __arm64_sys_ioctl+0xa8/0xec\n[ 3.057634][ T1] invoke_syscall+0x58/0x10c\n[ 3.057804][ T1] el0_svc_common+0xa8/0xdc\n[ 3.057970][ T1] do_el0_svc+0x1c/0x28\n[ 3.058123][ T1] el0_svc+0x50/0xac\n[ 3.058266][ T1] el0t_64_sync_handler+0x60/0xc4\n[ 3.058452][ T1] el0t_64_sync+0x1b0/0x1b4\n[ 3.058620][ T1] Code: f800865e a9bf7bfd 910003fd 941f48aa (d4210000)\n[ 3.058897][ T1] ---[ end trace 0000000000000000 ]---\n[ 3.059083][ T1] Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nFix it by copying the size of src, and not the size of dst, as it was."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/md/dm-table.c"
	],
	"versions": [
	{
	"version": "4df67fb22782e54dcff0803f519d9b7d3a8b3367",
	"lessThan": "aaa763ab8cecae6308c5ec7f309e1bc3a7ebd29f",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "2dd94484415dde4da0f5c40ff2809d9ef4a01935",
	"lessThan": "4c4f168b46229d527bda801ef15ad793b069f0ae",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "64e95bb37916ab03dcb7a920276c5a52df8e568b",
	"lessThan": "ed3248a403740a623c73afd95f88cc37e0cd3ad2",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "510aea4ef0f81e8d06506c85f919b7700ccc60d8",
	"lessThan": "db62809197658954a67b446c30677bc25baaf9f3",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "0b7c1bf09dce084a3657909110d256f36d9a8a05",
	"lessThan": "a27cbadb995fa4cca90cefd74332c55c2c26616b",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "5a2a6c428190f945c5cbf5791f72dbea83e97f66",
	"lessThan": "f1aff4bc199cb92c055668caed65505e3b4d2656",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/md/dm-table.c"
	],
	"versions": [
	{
	"version": "6.15-rc5",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "6.15-rc5",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.15-rc6",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.15-rc5",
	"versionEndExcluding": "6.15-rc6"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/aaa763ab8cecae6308c5ec7f309e1bc3a7ebd29f"
	},
	{
	"url": "https://git.kernel.org/stable/c/4c4f168b46229d527bda801ef15ad793b069f0ae"
	},
	{
	"url": "https://git.kernel.org/stable/c/ed3248a403740a623c73afd95f88cc37e0cd3ad2"
	},
	{
	"url": "https://git.kernel.org/stable/c/db62809197658954a67b446c30677bc25baaf9f3"
	},
	{
	"url": "https://git.kernel.org/stable/c/a27cbadb995fa4cca90cefd74332c55c2c26616b"
	},
	{
	"url": "https://git.kernel.org/stable/c/f1aff4bc199cb92c055668caed65505e3b4d2656"
	}
	],
	"title": "dm: fix copying after src array boundaries",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2025-37902",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}