What is CVE-2025-37911?

CVE-2025-37911 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, classified as a Out-of-bounds Read flaw (CWE-125), affecting Linux kernel versions from 4.19.95 onward and patched in 5.15.182, 6.1.138, 6.6.90 and others. CVE-2025-37911 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-37911?

CVE-2025-37911 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2025-37911?

Yes, CVE-2025-37911 has been patched. Fixed versions include 5.15.182, 6.1.138, 6.6.90 and others. If you are running Linux kernel 4.19.95 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-37911 actively exploited?

CVE-2025-37911 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Out-of-bounds Read (CWE-125)?

The product reads data past the end or before the beginning of the intended buffer. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/125.html

CVE-2025-37911

Medium

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix out-of-bound memcpy() during ethtool -w When retrieving the FW coredump using ethtool, it can sometimes cause memory corruption: BUG: KFENCE: memory corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] Corrupted memory at 0x000000008f0f30e8 [ ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ] (in kfence-#45): __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] ethtool_get_dump_data+0xdc/0x1a0 __dev_ethtool+0xa1e/0x1af0 dev_ethtool+0xa8/0x170 dev_ioctl+0x1b5/0x580 sock_do_ioctl+0xab/0xf0 sock_ioctl+0x1ce/0x2e0 __x64_sys_ioctl+0x87/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x78/0x80 ... This happens when copying the coredump segment list in bnxt_hwrm_dbg_dma_data() with the HWRM_DBG_COREDUMP_LIST FW command. The info->dest_buf buffer is allocated based on the number of coredump segments returned by the FW. The segment list is then DMA'ed by the FW and the length of the DMA is returned by FW. The driver then copies this DMA'ed segment list to info->dest_buf. In some cases, this DMA length may exceed the info->dest_buf length and cause the above BUG condition. Fix it by capping the copy length to not exceed the length of info->dest_buf. The extra DMA data contains no useful information. This code path is shared for the HWRM_DBG_COREDUMP_LIST and the HWRM_DBG_COREDUMP_RETRIEVE FW commands. The buffering is different for these 2 FW commands. To simplify the logic, we need to move the line to adjust the buffer length for HWRM_DBG_COREDUMP_RETRIEVE up, so that the new check to cap the copy length will work for both commands.

Package Linux Kernel

Published 2025-05-20

Last modified 2025-11-17

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-125

CVE-2025-37911 is a Out-of-bounds Read vulnerability

What is Out-of-bounds Read?

The product reads data past the end or before the beginning of the intended buffer. Learn more on MITRE CWE

Affected versions

Linux kernel versions 4.19.95, 5.4.8, 5.5 and later are affected. Fixed in 5.15.182, 6.1.138, 6.6.90, 6.12.28, 6.14.6, 6.15 and their respective stable series.

Affected from

≥ 4.19.95 ≥ 5.4.8 ≥ 5.5

Fixed in

✓ 5.15.182 5.15.x ✓ 6.1.138 6.1.x ✓ 6.6.90 6.6.x ✓ 6.12.28 6.12.x ✓ 6.14.6 6.14.x ✓ 6.15

References

The following references provide additional information about CVE-2025-37911 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

Mailing List
Kernel patch commit
https://git.kernel.org/stable/c/43292b83424158fa6ec458799f3cb9c54d18c484
Patch
Kernel patch commit
https://git.kernel.org/stable/c/44807af79efd0d78fa36383dd865ddfe7992c0a6
Patch
Kernel patch commit
https://git.kernel.org/stable/c/44d81a9ebf0cad92512e0ffdf7412bfe20db66ec
Patch

6 patch commits total View all on NVD

Details

CVE ID CVE-2025-37911

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2025-05-20

Modified 2025-11-17

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2025-37911?

CVE-2025-37911 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 , classified as an Out-of-bounds Read flaw (CWE-125) . It affects Linux kernel versions from 4.19.95 onward and has been patched in 5.15.182, 6.1.138, 6.6.90 and others. CVE-2025-37911 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2025-37911?

CVE-2025-37911 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2025-37911?

Yes — CVE-2025-37911 has been patched. Fixed versions include 5.15.182, 6.1.138, 6.6.90 and others. If you are running Linux kernel 4.19.95 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-37911 actively exploited?

No — CVE-2025-37911 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Out-of-bounds Read (CWE-125)?

The product reads data past the end or before the beginning of the intended buffer. View CWE-125 on MITRE CWE →