CVE-2025-37900

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37900
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37900.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37900
Downstream
Related
Published
2025-05-20T15:21:35Z
Modified
2025-10-18T01:01:47.443183Z
Summary
iommu: Fix two issues in iommu_copy_struct_from_user()
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu: Fix two issues in iommucopystructfromuser()

In the review for iommucopystructtouser() helper, Matt pointed out that a NULL pointer should be rejected prior to dereferencing it: https://lore.kernel.org/all/86881827-8E2D-461C-BDA3-FA8FD14C343C@nvidia.com

And Alok pointed out a typo at the same time: https://lore.kernel.org/all/480536af-6830-43ce-a327-adbd13dc3f1d@oracle.com

Since both issues were copied from iommucopystructfromuser(), fix them first in the current header.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e9d36c07bb787840e4813fb09a929a17d522a69f
Fixed
2e303d010722787dc84d94f68d70fe10dfc1b9ea
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e9d36c07bb787840e4813fb09a929a17d522a69f
Fixed
967d6f0d9a20a1bf15ee7ed881e2d4e532e22709
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e9d36c07bb787840e4813fb09a929a17d522a69f
Fixed
30a3f2f3e4bd6335b727c83c08a982d969752bc1

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.14.4
v6.14.5
v6.15-rc1
v6.15-rc2
v6.6
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "322518583998447771139516558022769408309",
            "length": 365.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2e303d010722787dc84d94f68d70fe10dfc1b9ea",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "include/linux/iommu.h",
            "function": "__iommu_copy_struct_from_user"
        },
        "signature_type": "Function",
        "id": "CVE-2025-37900-11f5473a"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "126048769056817862507111656407174809534",
                "212809588270335410667099949075311685942",
                "161396625587469729463951135096788700923",
                "265372057309140752780725362101524586067",
                "220287891621130589625761286817808769081",
                "24903859071594271958249509486490938625",
                "112207804797952555132878212601962511637",
                "55300798891753332808454943763317994654",
                "208370758724591309504176043083530782955",
                "34569833646305319620046306367384327683"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2e303d010722787dc84d94f68d70fe10dfc1b9ea",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "include/linux/iommu.h"
        },
        "signature_type": "Line",
        "id": "CVE-2025-37900-48082f3b"
    },
    {
        "digest": {
            "function_hash": "322518583998447771139516558022769408309",
            "length": 365.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30a3f2f3e4bd6335b727c83c08a982d969752bc1",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "include/linux/iommu.h",
            "function": "__iommu_copy_struct_from_user"
        },
        "signature_type": "Function",
        "id": "CVE-2025-37900-4f8b9056"
    },
    {
        "digest": {
            "function_hash": "322518583998447771139516558022769408309",
            "length": 365.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@967d6f0d9a20a1bf15ee7ed881e2d4e532e22709",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "include/linux/iommu.h",
            "function": "__iommu_copy_struct_from_user"
        },
        "signature_type": "Function",
        "id": "CVE-2025-37900-7363ef33"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "126048769056817862507111656407174809534",
                "212809588270335410667099949075311685942",
                "161396625587469729463951135096788700923",
                "265372057309140752780725362101524586067",
                "220287891621130589625761286817808769081",
                "24903859071594271958249509486490938625",
                "112207804797952555132878212601962511637",
                "55300798891753332808454943763317994654",
                "208370758724591309504176043083530782955",
                "34569833646305319620046306367384327683"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30a3f2f3e4bd6335b727c83c08a982d969752bc1",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "include/linux/iommu.h"
        },
        "signature_type": "Line",
        "id": "CVE-2025-37900-7fd7ac17"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "126048769056817862507111656407174809534",
                "212809588270335410667099949075311685942",
                "161396625587469729463951135096788700923",
                "265372057309140752780725362101524586067",
                "220287891621130589625761286817808769081",
                "24903859071594271958249509486490938625",
                "112207804797952555132878212601962511637",
                "55300798891753332808454943763317994654",
                "208370758724591309504176043083530782955",
                "34569833646305319620046306367384327683"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@967d6f0d9a20a1bf15ee7ed881e2d4e532e22709",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "include/linux/iommu.h"
        },
        "signature_type": "Line",
        "id": "CVE-2025-37900-e5ce76c0"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.28
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.6