Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-37879

In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written (negative) <= rsize (positive) because both variables were signed. Make variables unsigned to avoid this problem. The reproducer linked below now fails with the following error instead of a null pointer deref: 9pnet: bogus RWRITE count (4294967295 > 3)

Published

2025-05-09T07:16:09.143

Last Modified

2025-11-12T19:53:46.030

Status

Analyzed

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 6.1.136	Yes
Operating System	linux	linux_kernel	< 6.6.89	Yes
Operating System	linux	linux_kernel	< 6.12.26	Yes
Operating System	linux	linux_kernel	< 6.14.5	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://git.kernel.org/stable/c/374e4cd75617c8c2552f562f39dd989583f5c330 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/468ff4a7c61fb811c596a7c44b6a5455e40fd12b Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/a68768e280b7d0c967ea509e791bb9b90adc94a5 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/c548f95688e2b5ae0e2ae43d53cf717156c7d034 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/d0259a856afca31d699b706ed5e2adf11086c73b Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)