CVE-2025-37977

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set If dma-coherent property isn't set then descriptors are non-cacheable and the iocc shareability bits should be disabled. Without this UFS can end up in an incompatible configuration and suffer from random cache related stability issues.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/869749e48115ef944eeabec8e84138908471fa51	Patch
https://git.kernel.org/stable/c/f0c6728a6f2e269ebb234a9b5bb6c2c24aafeb51	Patch
https://git.kernel.org/stable/c/f92bb7436802f8eb7ee72dc911a33c8897fde366	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc2::::::

History

14 Nov 2025, 17:01

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/869749e48115ef944eeabec8e84138908471fa51 -~~	() https://git.kernel.org/stable/c/869749e48115ef944eeabec8e84138908471fa51 - Patch
References	~~() https://git.kernel.org/stable/c/f0c6728a6f2e269ebb234a9b5bb6c2c24aafeb51 -~~	() https://git.kernel.org/stable/c/f0c6728a6f2e269ebb234a9b5bb6c2c24aafeb51 - Patch
References	~~() https://git.kernel.org/stable/c/f92bb7436802f8eb7ee72dc911a33c8897fde366 -~~	() https://git.kernel.org/stable/c/f92bb7436802f8eb7ee72dc911a33c8897fde366 - Patch
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.15:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc2::::::
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

Information

Published : 2025-05-20 17:15

Updated : 2025-11-14 17:01

NVD link : CVE-2025-37977

Mitre link : CVE-2025-37977

CVE.ORG link : CVE-2025-37977

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-37977", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-05-20T17:15:48.320", "references": [{"url": "https://git.kernel.org/stable/c/869749e48115ef944eeabec8e84138908471fa51", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f0c6728a6f2e269ebb234a9b5bb6c2c24aafeb51", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f92bb7436802f8eb7ee72dc911a33c8897fde366", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: exynos: Disable iocc if dma-coherent property isn't set\n\nIf dma-coherent property isn't set then descriptors are non-cacheable\nand the iocc shareability bits should be disabled. Without this UFS can\nend up in an incompatible configuration and suffer from random cache\nrelated stability issues."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: ufs: exynos: Deshabilitar iocc si la propiedad dma-coherent no est\u00e1 establecida. Si la propiedad dma-coherent no est\u00e1 establecida, los descriptores no se pueden almacenar en cach\u00e9 y los bits de compartici\u00f3n de iocc deben estar deshabilitados. Sin esto, UFS puede terminar en una configuraci\u00f3n incompatible y sufrir problemas de estabilidad aleatorios relacionados con la cach\u00e9."}], "lastModified": "2025-11-14T17:01:18.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A259054-CC63-4AE5-8BEB-9ACF595750B1", "versionEndExcluding": "6.12.26", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29FA1A8E-1C2A-4B0B-B397-2C915ECDEDEE", "versionEndExcluding": "6.14.4", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D465631-2980-487A-8E65-40AE2B9F8ED1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C9D071F-B28E-46EC-AC61-22B913390211"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}