SB20250509128 - Use of uninitialized resource in Linux kernel raw brcmnand driver
Published: May 9, 2025 Updated: May 10, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2025-37840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the brcmnand_resume() function in drivers/mtd/nand/raw/brcmnand/brcmnand.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/659b1f29f3e2fd5d751fdf35c5526d1f1c9b3dd2
- https://git.kernel.org/stable/c/6f567c6a5250e3531cfd9c7ff254ecc2650464fa
- https://git.kernel.org/stable/c/7266066b9469f04ed1d4c0fdddaea1425835eb55
- https://git.kernel.org/stable/c/8775581e1c48e1bdd04a893d6f6bbe5128ad0ea7
- https://git.kernel.org/stable/c/9bd51723ab51580e077c91d494c37e80703b8524
- https://git.kernel.org/stable/c/9dd161f707ecb7db38e5f529e979a5b6eb565b2d
- https://git.kernel.org/stable/c/c2eb3cffb0d972c5503e4d48921971c81def0fe5
- https://git.kernel.org/stable/c/ddc210cf8b8a8be68051ad958bf3e2cef6b681c2
- https://git.kernel.org/stable/c/fbcb584efa5cd912ff8a151d67b8fe22f4162a85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.181