PT-2025-20349 · Linux+6 · Linux Kernel+6

Published: 2025-04-22 · Updated: 2026-05-26 · CVE-2025-37820

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A vulnerability has been identified in the xen-netfront component of the Linux kernel. The xdp_convert_buff_to_frame() function may return NULL if it fails to convert the XDP buffer into an XDP frame due to memory constraints, internal errors, or invalid data. If the result is not checked for NULL, it may lead to a NULL pointer dereference, causing crashes, data corruption, or undefined behavior. Additionally, on XDP redirect failure, the associated page must be released explicitly if it was previously retained via get_page(); otherwise, a memory leak may result.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
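
The two conditions named in the description, as an added userland C model (not the xen-netfront code and not the upstream patch). Every `*_model` name and both `handle_*` functions are hypothetical stand-ins, and an integer counter takes the place of the kernel's page reference.

```c
#include <stddef.h>

/* Userland model only: hypothetical stand-ins, not kernel APIs. */
struct page_model  { int refcount; };
struct frame_model { struct page_model *page; };
enum verdict { V_SENT, V_DROPPED };

static void get_page_model(struct page_model *pg) { pg->refcount++; }
static void put_page_model(struct page_model *pg) { pg->refcount--; }

/* Stand-in for xdp_convert_buff_to_frame(): NULL signals conversion failure. */
static struct frame_model *convert_model(struct frame_model *slot,
                                         struct page_model *pg, int fail)
{
    if (fail)
        return NULL;
    slot->page = pg;
    return slot;
}

/* Transmit path: the conversion result is checked before any use. */
enum verdict handle_tx(struct page_model *pg, int convert_fails)
{
    struct frame_model slot;
    struct frame_model *f = convert_model(&slot, pg, convert_fails);

    if (f == NULL)
        return V_DROPPED;        /* no dereference, no reference taken */
    get_page_model(f->page);     /* assumption: reference taken after success */
    return V_SENT;
}

/* Redirect path: the page is retained first, so failure must release it. */
enum verdict handle_redirect(struct page_model *pg, int redirect_fails)
{
    get_page_model(pg);
    if (redirect_fails) {
        put_page_model(pg);      /* without this the reference leaks */
        return V_DROPPED;
    }
    return V_SENT;
}

int main(void)
{
    struct page_model pg = { 1 };            /* constructed sample state */
    handle_tx(&pg, 1);
    handle_redirect(&pg, 1);
    return pg.refcount == 1 ? 0 : 1;         /* 0: failure paths stayed balanced */
}
```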

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

AZL-70138
BDU:2025-12150
CVE-2025-37820
DLA-4193-1
ECHO-4DD2-7C24-95EC
MGASA-2025-0182
MGASA-2025-0183
OESA-2025-1878
OESA-2025-1879
OESA-2025-1880
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
SUSE-SU-2025_02000-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu