CVE-2025-37866

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37866
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37866.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37866
Downstream
Published
2025-05-09T06:43:56Z
Modified
2025-10-10T09:53:54.032534Z
Summary
mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show()
Details

In the Linux kernel, the following vulnerability has been resolved:

mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show()

A warning is seen when running the latest kernel on a BlueField SOC:

    [251.512704] ------------[ cut here ]------------
    [251.512711] invalid sysfs_emit: buf:0000000003aa32ae
    [251.512720] WARNING: CPU: 1 PID: 705264 at fs/sysfs/file.c:767 sysfs_emit+0xac/0xc8

The warning is triggered because the mlxbf-bootctl driver invokes "sysfs_emit()" with a buffer pointer that is not aligned to the start of the page. The driver should instead use "sysfs_emit_at()" to support non-zero offsets into the destination buffer.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9886f575de5aefcfab537467c72e5176e5301df0
Fixed
5e1dcc5bfd7a2896178c604bc69d6ab9650967da
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9886f575de5aefcfab537467c72e5176e5301df0
Fixed
b129005ddfc0e6daf04a6d3b928a9e474f9b3918

Affected versions

v6.*

v6.13
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.15-rc1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.4