{
  "threat_severity" : "Moderate",
  "public_date" : "2025-05-08T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: udmabuf: fix a buf size overflow issue during udmabuf creation",
    "id" : "2365013",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2365013"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-120",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nudmabuf: fix a buf size overflow issue during udmabuf creation\nby casting size_limit_mb to u64  when calculate pglimit.", "A buffer-overflow vulnerability was found in the Linux kernel's udmabuf driver. The flaw occurs in the `udmabuf_create()` function, which calculates the page count limit (`pglimit`) using the variable `size_limit_mb`. This size variable can be misinterpreted as either 32-bit or 64-bit, resulting in incorrect page limit checks and allocating a larger DMA buffer than permitted. This issue can lead to memory corruption, system instability, and a denial of service." ],
  "statement" : "An integer overflow in udmabuf_create can occur when computing the page limit from size_limit_mb using 32 bit arithmetic before shifting. This can cause pglimit to wrap and may break the intended buffer size enforcement, allowing a local user with access to the udmabuf device to request unexpectedly large allocations. The issue is not network reachable and does not imply memory corruption by itself. Impact is primarily denial of service via memory pressure or allocation failures.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-09-08T00:00:00Z",
    "advisory" : "RHSA-2025:15447",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "kernel-0:6.12.0-55.31.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-09-08T00:00:00Z",
    "advisory" : "RHSA-2025:15429",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.41.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-09-08T00:00:00Z",
    "advisory" : "RHSA-2025:15429",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.41.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-07-23T00:00:00Z",
    "advisory" : "RHSA-2025:11571",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.126.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-07-23T00:00:00Z",
    "advisory" : "RHSA-2025:11572",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.126.1.rt14.411.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-07-28T00:00:00Z",
    "advisory" : "RHSA-2025:11810",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.79.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-37803\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-37803\nhttps://lore.kernel.org/linux-cve-announce/2025050814-CVE-2025-37803-0c5c@gregkh/T" ],
  "name" : "CVE-2025-37803",
  "csaw" : false
}