CVE-2025-37981

HIGH

Linux Kernel 6.12-6.12.24, 6.13-6.14.3, 6.15 - Out-of-bounds Write in smartpqi Driver

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Use is_kdump_kernel() to check for kdump The smartpqi driver checks the reset_devices variable to determine whether special adjustments need to be made for kdump. This has the effect that after a regular kexec reboot, some driver parameters such as max_transfer_size are much lower than usual. More importantly, kexec reboot tests have revealed memory corruption caused by the driver log being written to system memory after a kexec. Fix this by testing is_kdump_kernel() rather than reset_devices where appropriate.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/7cc670e8ebaa5241dd99c0ad75eceb8f8f64f607

Patch

https://git.kernel.org/stable/c/ebf673c76ce91e612a882dfaa9a3824962994aae

Patch

https://git.kernel.org/stable/c/a2d5a0072235a69749ceb04c1a26dc75df66a31a

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (12)

linux/Kernel 6.12.0 - 6.12.25linux

linux/Kernel 6.13.0 - 6.14.4linux

Linux/Linux < 6.12

Linux/Linux 058311b72f54890de824b063feb603942269b732 - 7cc670e8ebaa5241dd99c0ad75eceb8f8f64f607

Linux/Linux 058311b72f54890de824b063feb603942269b732 - a2d5a0072235a69749ceb04c1a26dc75df66a31a

Linux/Linux 058311b72f54890de824b063feb603942269b732 - ebf673c76ce91e612a882dfaa9a3824962994aae

Linux/Linux 6.12

Linux/Linux 6.12.25 - 6.12.*

Linux/Linux 6.14.4 - 6.14.*

Linux/Linux 6.15

... and 2 more

Published May 20, 2025

Tracked Since Feb 18, 2026