PT-2025-18423 · Linux+6 · Linux Kernel+6

Published 2025-02-19 · Updated 2026-04-20 · CVE-2025-37742

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability has been resolved in the Linux kernel. The issue is in the JFS file system: the imap allocated in the diMount() function is not initialized after memory allocation. As a result, snprintf() writes uninitialized data into linebuf within hex_dump_to_buffer(). The root cause is the use of kmalloc, which does not clear the allocated memory, instead of kzalloc, which does.

Recommendations

To resolve the issue, use kzalloc instead of kmalloc in the diMount() function so that the allocated memory is initialized. As a temporary workaround, consider restricting access to the JFS file system until a patch is available.
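
The defect and the fix described above, as a userspace model added here for illustration; it is not kernel code or code from the advisory. The allocator stand-ins, the 32-byte size, the 0xAA stale pattern and the partial fill are assumptions chosen to make the behaviour deterministic.

```c
#include <stdio.h>
#include <string.h>

#define IMAP_SIZE 32                    /* constructed size, not the kernel structure's */
static unsigned char pool[IMAP_SIZE];   /* memory that still holds a previous owner's bytes */

/* Stand-in for kmalloc(): hands out memory without clearing it. */
static void *model_kmalloc(size_t n) { return n <= sizeof(pool) ? pool : NULL; }

/* Stand-in for kzalloc(): same memory, zeroed before it is returned. */
static void *model_kzalloc(size_t n)
{
    void *p = model_kmalloc(n);
    if (p)
        memset(p, 0, n);
    return p;
}

/* Simplified hex dump: snprintf() formats every byte of buf into linebuf. */
static void hex_dump(const unsigned char *buf, size_t len, char *linebuf, size_t lbsize)
{
    size_t off = 0;
    for (size_t i = 0; i < len && off + 3 <= lbsize; i++)
        off += (size_t)snprintf(linebuf + off, lbsize - off, "%02x", buf[i]);
}

/* Model of a mount path that fills only part of the structure and later dumps
 * all of it (assumed flow). Returns how many stale bytes reach linebuf. */
static int mount_and_dump(void *(*alloc)(size_t), char *linebuf, size_t lbsize)
{
    memset(pool, 0xAA, sizeof(pool));   /* constructed stale data */
    unsigned char *imap = alloc(IMAP_SIZE);
    if (!imap)
        return -1;
    memset(imap, 0x11, 8);              /* only the first 8 bytes are ever written */
    hex_dump(imap, IMAP_SIZE, linebuf, lbsize);
    int stale = 0;
    for (size_t i = 0, n = strlen(linebuf); i + 1 < n; i += 2)
        stale += (linebuf[i] == 'a' && linebuf[i + 1] == 'a');
    return stale;
}

int main(void)
{
    char linebuf[2 * IMAP_SIZE + 1];
    printf("kmalloc model: %d stale bytes dumped\n", mount_and_dump(model_kmalloc, linebuf, sizeof(linebuf)));
    printf("kzalloc model: %d stale bytes dumped\n", mount_and_dump(model_kzalloc, linebuf, sizeof(linebuf)));
    return 0;
}
```

With the non-zeroing allocator every byte the mount path never wrote shows up in the dump; with the zeroing allocator the same bytes read as 00.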

Exploit

Fix

Weakness Enumeration

Use of Uninitialized Resource
Access of Uninitialized Pointer

Related Identifiers

BDU:2025-12330
CVE-2025-37742
DLA-4193-1
ECHO-73EE-C2F6-E346
OESA-2025-1511
OESA-2025-1512
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7686-1
USN-7711-1
USN-7712-1
USN-7712-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu