CVE-2025-37879

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37879
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37879.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37879
Downstream
Related
Published
2025-05-09T07:16:09Z
Modified
2025-08-09T20:01:28Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

9p/net: fix improper handling of bogus negative read/write replies

In p9clientwrite() and p9clientread_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written (negative) <= rsize (positive) because both variables were signed.

Make variables unsigned to avoid this problem.

The reproducer linked below now fails with the following error instead of a null pointer deref: 9pnet: bogus RWRITE count (4294967295 > 3)

References

Affected packages