CVE-2025-37857

Severity: Medium · CVSS 3.1: 5.5 · EPSS 15.4%
Published May 9, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: st: Fix array overflow in st_setup()

Change the array size to follow parms size instead of a fixed value.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
15.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 9

Vendor   Product        Version   Range
linux    linux_kernel   *         <5.4.293
linux    linux_kernel   *         ≥5.5 – <5.10.237
linux    linux_kernel   *         ≥5.11 – <5.15.181
linux    linux_kernel   *         ≥5.16 – <6.1.135
linux    linux_kernel   *         ≥6.2 – <6.6.88
linux    linux_kernel   *         ≥6.7 – <6.12.24
linux    linux_kernel   *         ≥6.13 – <6.13.12
linux    linux_kernel   *         ≥6.14 – <6.14.3
debian   debian_linux   11.0      any

References 11

  • git.kernel.org https://git.kernel.org/stable/c/574b399a7fb6ae71c97e26d122205c4a720c0e43
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/736ae988bfb5932c05625baff70fba224d547c08
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fe3b4deed8b93609058c37c9a11df1d2b2c0423
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a018d1cf990d0c339fe0e29b762ea5dc10567d67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad4c3037dc77739a625246a2a0fb23b8f3402c06
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c6015d0f7a2236ddb3928b2dfcb1c556a1368b55
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e4d1ca0a84a6650d3172eb8c07ef2fbc585b0d96
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e6b585d016c47ca8a37b92ea8a3fe35c0b585256
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f746fe0c51e044d1248dc67918328bfb3d86b639
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/574b399a7fb6ae71c97e26d122205c4a720c0e43
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/736ae988bfb5932c05625baff70fba224d547c08
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fe3b4deed8b93609058c37c9a11df1d2b2c0423
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a018d1cf990d0c339fe0e29b762ea5dc10567d67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad4c3037dc77739a625246a2a0fb23b8f3402c06
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c6015d0f7a2236ddb3928b2dfcb1c556a1368b55
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e4d1ca0a84a6650d3172eb8c07ef2fbc585b0d96
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e6b585d016c47ca8a37b92ea8a3fe35c0b585256
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f746fe0c51e044d1248dc67918328bfb3d86b639
    Patch