CVE-2025-37749
- Source
- https://cve.org/CVERecord?id=CVE-2025-37749
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37749.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37749
- Downstream
- Related
- Published
- 2025-05-01T12:55:55.316Z
- Modified
- 2026-03-20T12:42:24.161774Z
- Summary
- net: ppp: Add bound checking for skb data on ppp_sync_txmung
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: ppp: Add bound checking for skb data on pppsynctxmung
Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets.
When pppsynctxmung receives an incoming package with an empty payload: (remote) gef⤠p *(struct pppoehdr *) (skb->head + skb->networkheader) $18 = { type = 0x1, ver = 0x1, code = 0x0, sid = 0x2, length = 0x0, tag = 0xffff8880371cdb96 }
from the skb struct (trimmed) tail = 0x16, end = 0x140, head = 0xffff88803346f400 "4", data = 0xffff88803346f416 ":\377", truesize = 0x380, len = 0x0, datalen = 0x0, maclen = 0xe, hdr_len = 0x0,
it is not safe to access data[2].
[pabeni@redhat.com: fixed subj typo]
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37749.json" }- References
-
- https://git.kernel.org/stable/c/1f6eb9fa87a781d5370c0de7794ae242f1a95ee5
- https://git.kernel.org/stable/c/529401c8f12ecc35f9ea5d946d5a5596cf172b48
- https://git.kernel.org/stable/c/6e8a6bf43cea4347121ab21bb1ed8d7bef7e732e
- https://git.kernel.org/stable/c/99aa698dec342a07125d733e39aab4394b3b7e05
- https://git.kernel.org/stable/c/aabc6596ffb377c4c9c8f335124b92ea282c9821
- https://git.kernel.org/stable/c/b4c836d33ca888695b2f2665f948bc1b34fbd533
- https://git.kernel.org/stable/c/b78f2b458f56a5a4d976c8e01c43dbf58d3ea2ca
- https://git.kernel.org/stable/c/de5a4f0cba58625e88b7bebd88f780c8c0150997
- https://git.kernel.org/stable/c/fbaffe8bccf148ece8ad67eb5d7aa852cabf59c8
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37749.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-37749
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed529401c8f12ecc35f9ea5d946d5a5596cf172b48Fixedde5a4f0cba58625e88b7bebd88f780c8c0150997Fixed99aa698dec342a07125d733e39aab4394b3b7e05Fixedb78f2b458f56a5a4d976c8e01c43dbf58d3ea2caFixedfbaffe8bccf148ece8ad67eb5d7aa852cabf59c8Fixedb4c836d33ca888695b2f2665f948bc1b34fbd533Fixed1f6eb9fa87a781d5370c0de7794ae242f1a95ee5Fixed6e8a6bf43cea4347121ab21bb1ed8d7bef7e732eFixedaabc6596ffb377c4c9c8f335124b92ea282c9821