CVE-2025-37892

mtd: inftlcore: Add error check for inftl_read_oob()

Description

In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob() need to be checked. A proper implementation can be found in INFTL_deleteblock(). The status will be set as SECTOR_IGNORE to break from the while-loop correctly if the inftl_read_oob() fails.

N/A
CVSS
Severity:
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b828d394308e8e00df0a6f57e7dabae609bb8b7b
https://git.kernel.org/stable/c/0300e751170cf80c05ca1a762a7b449e8ca6b693
https://git.kernel.org/stable/c/e7d6ceff95c55297f0ee8f9dbc4da5c558f30e9e
https://git.kernel.org/stable/c/6af3b92b1c0b58ca281d0e1501bad2567f73c1a5
https://git.kernel.org/stable/c/7772621041ee78823ccc5f1fe38f6faa22af7023
https://git.kernel.org/stable/c/5479a6af3c96f73bec2d2819532b6d6814f52dd6
https://git.kernel.org/stable/c/1c22356dfb041e5292835c9ff44d5f91bef8dd18
https://git.kernel.org/stable/c/114d94f095aa405fa9a51484c4be34846d7bb386
https://git.kernel.org/stable/c/d027951dc85cb2e15924c980dc22a6754d100c7c

Frequently Asked Questions

What is the severity of CVE-2025-37892?
CVE-2025-37892 has not yet been assigned a CVSS score.
How to fix CVE-2025-37892?
To fix CVE-2025-37892, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37892 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37892 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37892?
CVE-2025-37892 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.