PT-2025-20539 · Linux+5 · Linux Kernel+5
Published: 2025-04-24 · Updated: 2026-04-20 · CVE-2025-37887
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel has been resolved. The issue occurs when the firmware does not support the PDS_CORE_CMD_FW_CONTROL command, potentially causing the driver to print garbage or crash when the "devlink dev info" devlink command is run. This happens because the stack variable fw_list is not initialized, resulting in a garbage value for fw_list.num_fw_slots. The driver then tries to access fw_list.fw_names[i] with i greater than or equal to ARRAY_SIZE, running off the end of the array.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
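The failure mode from the description, modelled in user-space C as an added example; it is not the kernel driver's code or the upstream patch. The struct layout, MAX_SLOTS, the slot names and all function names are assumptions, and stack_fill stands in deterministically for leftover stack bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define MAX_SLOTS 4 /* assumed size for this model */

struct fw_list_info { /* simplified stand-in for the driver's fw_list */
    uint8_t num_fw_slots;
    char fw_names[MAX_SLOTS][16];
};

/* Models the firmware command: when unsupported, nothing is written to *out. */
static int fw_get_list(int supported, struct fw_list_info *out)
{
    if (!supported)
        return -1;
    memset(out, 0, sizeof(*out));
    out->num_fw_slots = 2;
    strcpy(out->fw_names[0], "slot-a"); /* constructed names */
    strcpy(out->fw_names[1], "slot-b");
    return 0;
}

/* Pattern from the description: returns the loop bound the caller would use. */
unsigned loop_bound_unchecked(int supported, uint8_t stack_fill)
{
    struct fw_list_info fw_list;
    memset(&fw_list, stack_fill, sizeof(fw_list)); /* simulated stack garbage */
    (void)fw_get_list(supported, &fw_list); /* failure does not stop the listing */
    return fw_list.num_fw_slots;            /* never compared to ARRAY_SIZE */
}

/* Hardened: zero-initialize, honor the error, clamp to the array size. */
unsigned print_slots_hardened(int supported)
{
    struct fw_list_info fw_list = {0};
    unsigned i, n;
    if (fw_get_list(supported, &fw_list) != 0)
        return 0; /* nothing to list; other device info can still be reported */
    n = fw_list.num_fw_slots;
    if (n > ARRAY_SIZE(fw_list.fw_names))
        n = ARRAY_SIZE(fw_list.fw_names);
    for (i = 0; i < n; i++)
        printf("%.*s\n", (int)sizeof(fw_list.fw_names[i]), fw_list.fw_names[i]);
    return n;
}

int main(void) { return print_slots_hardened(1) == 2 ? 0 : 1; }
```

With the command unsupported and a stale byte of 0xA5, the unchecked bound is 165 against a 4-entry array; the hardened path lists nothing in that case.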
Exploit
Use of Uninitialized Resource
Improper Initialization
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu