CVE-2025-37816

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability has been resolved in the Linux kernel. The issue is related to the use of the counted by() function in the vsc-tp.c code, which is using the counted by(len) attribute on vsc tp packet.buf[] in a wrong way. The len variable does not contain the available size in the buffer, but rather the actual packet length without the CRC. This causes a fortify-panic handler to be triggered when vsc tp xfer() tries to add the CRC to buf[]. The solution involves splitting the vsc tp packet struct definition into a header and a full-packet definition and using a fixed-size buf[] in the packet definition.

Recommendations To resolve the issue, split the vsc tp packet struct definition into a header and a full-packet definition and use a fixed-size buf[] in the packet definition. This way, fortify-source buffer overrun checking still works when enabled. At the moment, there is no information about a newer version that contains a fix for this vulnerability.