
CVE-2025-37780: Vulnerability in Linux (Linux kernel)

Severity: High
Published: Thu May 01 2025 (05/01/2025, 13:07:17 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

isofs: Prevent the use of too small fid

syzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1]

The handle_bytes value passed in by the reproducing program is equal to 12. In handle_to_path(), only 12 bytes of memory are allocated for the structure file_handle->f_handle member, which causes an out-of-bounds access when accessing the member parent_block of the structure isofs_fid in isofs, because accessing parent_block requires at least 16 bytes of f_handle.

Here, fh_len is used to indirectly confirm that the value of handle_bytes is greater than 3 before accessing parent_block.

[1]
BUG: KASAN: slab-out-of-bounds in isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183
Read of size 4 at addr ffff0000cc030d94 by task syz-executor215/6466

CPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0x198/0x550 mm/kasan/report.c:521
 kasan_report+0xd8/0x138 mm/kasan/report.c:634
 __asan_report_load4_noabort+0x20/0x2c mm/kasan/report_generic.c:380
 isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183
 exportfs_decode_fh_raw+0x2dc/0x608 fs/exportfs/expfs.c:523
 do_handle_to_path+0xa0/0x198 fs/fhandle.c:257
 handle_to_path fs/fhandle.c:385 [inline]
 do_handle_open+0x8cc/0xb8c fs/fhandle.c:403
 __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]
 __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]
 __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600

Allocated by task 6466:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:68
 kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:562
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4294 [inline]
 __kmalloc_noprof+0x32c/0x54c mm/slub.c:4306
 kmalloc_noprof include/linux/slab.h:905 [inline]
 handle_to_path fs/fhandle.c:357 [inline]
 do_handle_open+0x5a4/0xb8c fs/fhandle.c:403
 __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]
 __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]
 __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600

AI-Powered Analysis

Last updated: 07/03/2025, 23:13:21 UTC

Technical Analysis

CVE-2025-37780 is a vulnerability in the Linux kernel's ISO 9660 filesystem implementation (the isofs module). The flaw is an out-of-bounds read in isofs_fh_to_parent, the function that decodes an isofs file handle into a reference to the parent directory. When a file handle is decoded, handle_to_path() allocates exactly the caller-supplied handle_bytes for the file_handle->f_handle member; the reproducer passed 12 bytes. isofs_fh_to_parent then reads the parent_block member of struct isofs_fid, which sits beyond the first 12 bytes and requires at least 16 bytes of f_handle, so the read runs past the end of the 12-byte allocation. Kernel Address Sanitizer (KASAN) reported this as a slab-out-of-bounds read. The bug was found by syzbot, an automated kernel fuzzer, and the call stack shows it is reached through the open_by_handle_at system call, which opens files via file handles rather than pathnames. No exploits in the wild are known; the condition can be triggered by a local process that is able to invoke that system call against an isofs mount. The CVE record gives commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (the kernel's initial git commit) as the start of the affected range, so every kernel up to the fixed versions is treated as affected; the issue was publicly disclosed in May 2025. The root cause is a missing length check: the isofs code did not confirm, via fh_len, that the supplied handle was long enough before reading parent_block, so an undersized handle leads to an out-of-bounds memory read that can crash the kernel or leak adjacent kernel memory. The vulnerability requires no user interaction, but it does require the ability to issue file-handle system calls against the isofs filesystem, which is commonly used for ISO images and CD-ROM media.
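The following is an added, user-space illustration of the length check this bug was missing; it is not the kernel's code. It mirrors the field order of struct isofs_fid (parent_block at byte offset 12, hence the 16-byte requirement named above), models fh_len as handle_bytes in 4-byte words, and assumes, as stated in its comments, that the pre-fix code only rejected fh_len < 2.

```c
/* Added illustration of the length check behind CVE-2025-37780. Not the
 * kernel's code: it mirrors the isofs_fid field order and the fh_len (in
 * 4-byte words) convention, and models the parent decode in user space. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct isofs_fid {              /* parent_block starts at byte 12 */
	uint32_t block;
	uint16_t offset;
	uint16_t parent_offset;
	uint32_t generation;
	uint32_t parent_block;
	uint32_t parent_generation;
};

struct parent_ref { uint32_t block; uint16_t offset; uint32_t generation; };

/* Smallest fh_len (words) that covers a field, e.g. 4 for parent_block. */
#define WORDS_FOR(f) ((offsetof(struct isofs_fid, f) + \
		       sizeof(((struct isofs_fid *)0)->f) + 3) / 4)

/* Pre-fix behaviour as modelled here (assumption): only fh_len < 2 was
 * rejected, so a 12-byte handle (fh_len 3) passed and parent_block
 * (word 3) was read past the 12-byte f_handle allocation. */
static bool prefix_check_accepts(size_t handle_bytes)
{
	return handle_bytes / 4 >= 2;
}

/* Hardened decode: every field read must lie inside the caller's handle.
 * parent_generation is the last field used, so fh_len must be >= 5. */
static bool fh_to_parent_checked(const uint8_t *fh, size_t handle_bytes,
				 int fh_type, struct parent_ref *out)
{
	struct isofs_fid fid;
	size_t fh_len = handle_bytes / 4;        /* as exportfs passes it */

	if (fh_len < WORDS_FOR(parent_generation))
		return false;                    /* too small: reject, no read */
	memcpy(&fid, fh, sizeof fid);            /* safe: >= 20 bytes present */
	out->block = fh_type == 2 ? fid.parent_block : 0;
	out->offset = fid.parent_offset;
	out->generation = fid.parent_generation;
	return true;
}

/* Constructed sample: a full 20-byte type-2 handle written into buf. */
static void make_sample_handle(uint8_t buf[20])
{
	struct isofs_fid fid = { 0x10, 0, 0x40, 7, 0x20, 9 };
	memcpy(buf, &fid, sizeof fid);
}
```

Passing the same 20-byte sample with handle_bytes set to 12 reproduces the reporter's condition: the modelled pre-fix check accepts it, the hardened decode rejects it before any field is read.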

Potential Impact

For European organizations, the impact of CVE-2025-37780 depends on how widely Linux systems that use the isofs filesystem are deployed, in particular hosts that mount ISO images or CD-ROM media. Although the flaw is an out-of-bounds read rather than a write, it can crash the kernel (denial of service) or expose adjacent kernel memory, which may contain sensitive data. That can disrupt critical services on Linux servers, especially in sectors such as finance, healthcare and government where Linux is prevalent. Organizations running containers or virtual machines on Linux hosts may also see stability problems if the host kernel is vulnerable. Exploitation requires local access and the ability to invoke the relevant system call, so the realistic actors are insiders or already-compromised accounts using the flaw to widen the damage. The absence of known exploits lowers the immediate risk, but the presence of the bug in widely used kernels still calls for prompt patching. In CIA terms the impact is mainly on availability (possible crashes) and confidentiality (possible memory disclosure).

Mitigation Recommendations

To mitigate CVE-2025-37780, European organizations should:

1) Apply the Linux kernel updates that address this vulnerability as soon as they are available from the distribution, so that isofs validates the handle length before reading parent_block.
2) Audit systems for use of the isofs filesystem and limit mounting of untrusted ISO images or CD-ROM media, reducing the attack surface.
3) Restrict local privileges so that untrusted users cannot invoke open_by_handle_at on isofs mounts; the call ordinarily requires the CAP_DAC_READ_SEARCH capability, so avoid granting that capability to untrusted processes or containers.
4) Use kernel hardening and testing aids such as Kernel Address Sanitizer (KASAN) in test environments to detect similar issues proactively.
5) Monitor system logs for unusual kernel warnings or crashes involving isofs operations, to detect exploitation attempts early.
6) Where feasible, disable or remove isofs support (for example by not loading the module) on systems that do not need it.
7) Track this vulnerability in vulnerability management and incident response plans so that remediation and response are rapid.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-04-16T04:51:23.940Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9832c4522896dcbe83e1

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 7/3/2025, 11:13:21 PM

Last updated: 8/17/2025, 9:02:27 PM

