CVE-2025-37791

In the Linux kernel, the following vulnerability has been resolved:

ethtool: cmiscdb: use correct rpl size in ethtoolcmismodulepoll()

rpl is passed as a pointer to ethtoolcmismodule_poll(), so the correct size of rpl is sizeof(*rpl) which should be just 1 byte. Using the pointer size instead can cause stack corruption:

Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ethtoolcmiswaitforcond+0xf4/0x100 CPU: 72 UID: 0 PID: 4440 Comm: kworker/72:2 Kdump: loaded Tainted: G OE 6.11.0 #24 Tainted: [O]=OOTMODULE, [E]=UNSIGNEDMODULE Hardware name: Dell Inc. PowerEdge R760/04GWWM, BIOS 1.6.6 09/20/2023 Workqueue: events moduleflashfwwork Call Trace: <TASK> panic+0x339/0x360 ? ethtoolcmiswaitforcond+0xf4/0x100 ? _pfxstatussuccess+0x10/0x10 ? _pfxstatusfail+0x10/0x10 _stackchkfail+0x10/0x10 ethtoolcmiswaitforcond+0xf4/0x100 ethtoolcmiscdbexecutecmd+0x1fc/0x330 ? _pfxstatusfail+0x10/0x10 cmiscdbmodulefeaturesget+0x6d/0xd0 ethtoolcmiscdbinit+0x8a/0xd0 ethtoolcmisfwupdate+0x46/0x1d0 moduleflashfwwork+0x17/0xa0 processonework+0x179/0x390 workerthread+0x239/0x340 ? _pfxworkerthread+0x10/0x10 kthread+0xcc/0x100 ? _pfxkthread+0x10/0x10 retfromfork+0x2d/0x50 ? _pfxkthread+0x10/0x10 retfromfork_asm+0x1a/0x30 </TASK>