CVE-2025-37866
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-37866
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37866.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37866
- Downstream
- Published
- 2025-05-09T06:43:56.128Z
- Modified
- 2025-11-28T02:34:02.296921Z
- Summary
- mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
mlxbf-bootctl: use sysfsemitat() in securebootfusestateshow()
A warning is seen when running the latest kernel on a BlueField SOC: [251.512704] ------------[ cut here ]------------ [251.512711] invalid sysfsemit: buf:0000000003aa32ae [251.512720] WARNING: CPU: 1 PID: 705264 at fs/sysfs/file.c:767 sysfsemit+0xac/0xc8
The warning is triggered because the mlxbf-bootctl driver invokes "sysfsemit()" with a buffer pointer that is not aligned to the start of the page. The driver should instead use "sysfsemit_at()" to support non-zero offsets into the destination buffer.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37866.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/5e1dcc5bfd7a2896178c604bc69d6ab9650967da
- https://git.kernel.org/stable/c/b129005ddfc0e6daf04a6d3b928a9e474f9b3918
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37866.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-37866