CVE-2025-37991

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, which caused a double SIGFPE crash on parisc. The issue occurred because glibc uses a double-word floating-point store to atomically update function descriptors, resulting in a floating-point store in fpe func almost immediately. When the T bit is set, an assist exception trap occurs when the co-processor encounters any floating-point instruction except for a double store of register %fr0. The issue can be reproduced with a test program.

Recommendations To resolve the issue, clear the Trap (T) bit in the FP status register before returning to the signal handler in userspace. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415CWE-404

Related Identifiers

BDU:2025-11790

CVE-2025-37991

DLA-4271-1

DSA-5925-1

ECHO-FCB4-00B6-7B8C

MGASA-2025-0182

MGASA-2025-0183

OESA-2025-1823

OESA-2025-1824

OESA-2025-1870

USN-7649-1

USN-7649-2

USN-7650-1

USN-7654-1

USN-7654-2

USN-7654-3

USN-7654-4

USN-7654-5

USN-7655-1

USN-7665-1

USN-7665-2

USN-7686-1

USN-7711-1

USN-7712-1

USN-7712-2

USN-7721-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Ubuntu

CVE-2025-37991

Weakness Enumeration

Related Identifiers

Affected Products

References · 1522