CVE-2025-37978

In the Linux kernel, the following vulnerability has been resolved: block: integrity: Do not call set_page_dirty_lock() Placing multiple protection information buffers inside the same page can lead to oopses because set_page_dirty_lock() can't be called from interrupt context. Since a protection information buffer is not backed by a file there is no point in setting its page dirty, there is nothing to synchronize. Drop the call to set_page_dirty_lock() and remove the last argument to bio_integrity_unpin_bvec().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/39e160505198ff8c158f11bce2ba19809a756e8b	Patch
https://git.kernel.org/stable/c/9487fc1a10b3aa89feb24e7cedeccaaf63074617	Patch
https://git.kernel.org/stable/c/c38a005e6efb9ddfa06bd8353b82379d6fd5d6c4	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc2::::::

History

14 Nov 2025, 17:01

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.15:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc2::::::
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-noinfo
References	~~() https://git.kernel.org/stable/c/39e160505198ff8c158f11bce2ba19809a756e8b -~~	() https://git.kernel.org/stable/c/39e160505198ff8c158f11bce2ba19809a756e8b - Patch
References	~~() https://git.kernel.org/stable/c/9487fc1a10b3aa89feb24e7cedeccaaf63074617 -~~	() https://git.kernel.org/stable/c/9487fc1a10b3aa89feb24e7cedeccaaf63074617 - Patch
References	~~() https://git.kernel.org/stable/c/c38a005e6efb9ddfa06bd8353b82379d6fd5d6c4 -~~	() https://git.kernel.org/stable/c/c38a005e6efb9ddfa06bd8353b82379d6fd5d6c4 - Patch

Information

Published : 2025-05-20 17:15

Updated : 2025-11-14 17:01

NVD link : CVE-2025-37978

Mitre link : CVE-2025-37978

CVE.ORG link : CVE-2025-37978

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-37978", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-05-20T17:15:48.423", "references": [{"url": "https://git.kernel.org/stable/c/39e160505198ff8c158f11bce2ba19809a756e8b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9487fc1a10b3aa89feb24e7cedeccaaf63074617", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c38a005e6efb9ddfa06bd8353b82379d6fd5d6c4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: integrity: Do not call set_page_dirty_lock()\n\nPlacing multiple protection information buffers inside the same page\ncan lead to oopses because set_page_dirty_lock() can't be called from\ninterrupt context.\n\nSince a protection information buffer is not backed by a file there is\nno point in setting its page dirty, there is nothing to synchronize.\nDrop the call to set_page_dirty_lock() and remove the last argument to\nbio_integrity_unpin_bvec()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: integridad: No llamar a set_page_dirty_lock(). Colocar varios b\u00faferes de informaci\u00f3n de protecci\u00f3n dentro de la misma p\u00e1gina puede provocar errores, ya que set_page_dirty_lock() no se puede llamar desde el contexto de interrupci\u00f3n. Dado que un b\u00fafer de informaci\u00f3n de protecci\u00f3n no est\u00e1 respaldado por un archivo, no tiene sentido configurar su p\u00e1gina como sucia; no hay nada que sincronizar. Elimine la llamada a set_page_dirty_lock() y elimine el \u00faltimo argumento de bio_integrity_unpin_bvec()."}], "lastModified": "2025-11-14T17:01:00.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBBDA0D8-E64F-41F7-ADFF-19A22F63B1B9", "versionEndExcluding": "6.12.25", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29FA1A8E-1C2A-4B0B-B397-2C915ECDEDEE", "versionEndExcluding": "6.14.4", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D465631-2980-487A-8E65-40AE2B9F8ED1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C9D071F-B28E-46EC-AC61-22B913390211"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}