CVE-2025-37975

HIGH EPSS 4.6%
Published May 20, 20251y ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published May 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access The current code allows rel[j] to access one element past the end of the relocation section. Simplify to num_relocations which is equivalent to the existing size expression.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥6.8  –  <6.12.25
linuxlinux_kernel*≥6.13  –  <6.14.4
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/0b4cce68efb93e31a8e51795d696df6e379cb41c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95e4e1c1cf614d125f159db9726b7abb32e18385
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a068ea00009d373d825c528f9c168501519211b4
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0b4cce68efb93e31a8e51795d696df6e379cb41c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95e4e1c1cf614d125f159db9726b7abb32e18385
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a068ea00009d373d825c528f9c168501519211b4
    Patch