PT-2025-22188 · Linux+6 · Linux Kernel+6
Published: 2025-04-17 · Updated: 2026-05-26 · CVE-2025-37927
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A string parsing logic error in the Linux kernel can lead to a buffer overflow in the parse_ivrs_acpihid function. This occurs because the check against ACPIID_LEN does not account for the lengths of individual hid and uid buffers, making it insufficient in some cases. For instance, if the hid string length is 4 and the uid string length is 260, the uid buffer will overflow since its size is 256. Similarly, a hid string with a length of 13 and a uid string with a length of 250 can also cause an overflow. To prevent this, the lengths of hid and uid strings should be checked separately.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
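The two length checks from the description, modelled in user-space C as an added example (it is not kernel code and not part of the original page). The 9-byte hid buffer and the combined limit of 265 are assumptions; the page states only the 256-byte uid buffer.

```c
#include <stdio.h>
#include <string.h>

/* Model sizes: only the 256-byte uid buffer is stated on the page. */
#define HID_BUF_LEN  9                            /* assumed hid buffer size */
#define UID_BUF_LEN  256                          /* uid buffer size from the page */
#define COMBINED_LEN (HID_BUF_LEN + UID_BUF_LEN)  /* assumed combined limit */
struct acpihid_entry { char hid[HID_BUF_LEN]; char uid[UID_BUF_LEN]; };

/* Insufficient: bounds only the sum, so one string can outgrow its buffer. */
static int combined_check_ok(const char *hid, const char *uid)
{
    return strlen(hid) + strlen(uid) < (size_t)COMBINED_LEN;
}

/* Corrected: each string, plus its NUL, must fit its own buffer. */
static int separate_check_ok(const char *hid, const char *uid)
{
    return strlen(hid) < HID_BUF_LEN && strlen(uid) < UID_BUF_LEN;
}

/* Copy only after the per-field check passes; returns 0 on success. */
static int store_ids(struct acpihid_entry *e, const char *hid, const char *uid)
{
    if (!separate_check_ok(hid, uid))
        return -1;
    memcpy(e->hid, hid, strlen(hid) + 1);
    memcpy(e->uid, uid, strlen(uid) + 1);
    return 0;
}

/* Build constructed strings of the given lengths; 1 if the chosen check accepts. */
static int accepts(size_t hid_len, size_t uid_len, int per_field)
{
    struct acpihid_entry e;
    char hid[512], uid[512];
    if (hid_len >= sizeof(hid) || uid_len >= sizeof(uid))
        return 0;
    memset(hid, 'H', hid_len); hid[hid_len] = '\0';
    memset(uid, 'U', uid_len); uid[uid_len] = '\0';
    return per_field ? store_ids(&e, hid, uid) == 0 : combined_check_ok(hid, uid);
}

int main(void)
{
    printf("hid=4  uid=260: combined=%d separate=%d\n", accepts(4, 260, 0), accepts(4, 260, 1));
    printf("hid=13 uid=250: combined=%d separate=%d\n", accepts(13, 250, 0), accepts(13, 250, 1));
    return 0;
}
```

Both length pairs from the description pass the combined check and are rejected by the per-field check, which is the gap the description identifies.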
Exploit
DoS
Memory Corruption
Integer Underflow
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu