CVE-2025-37851
"Ommapfb Buffer Overflow Vulnerability"
Description
In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: Add 'plane' value check Function dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB of the enum parameter plane. The value of this parameter is initialized in dss_init_overlays and in the current state of the code it cannot take this value so it's not a real problem. For the purposes of defensive coding it wouldn't be superfluous to check the parameter value, because some functions down the call stack process this value correctly and some not. For example, in dispc_ovl_setup_global_alpha it may lead to buffer overflow. Add check for this value. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool.
INFO
Published Date :
May 9, 2025, 7:16 a.m.
Last Modified :
May 12, 2025, 5:32 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
Exploitability Score :
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-37851.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-37851 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-37851 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 09, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: Add 'plane' value check Function dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB of the enum parameter plane. The value of this parameter is initialized in dss_init_overlays and in the current state of the code it cannot take this value so it's not a real problem. For the purposes of defensive coding it wouldn't be superfluous to check the parameter value, because some functions down the call stack process this value correctly and some not. For example, in dispc_ovl_setup_global_alpha it may lead to buffer overflow. Add check for this value. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool. Added Reference https://git.kernel.org/stable/c/09dbf22fd68c2f1a81ab89670ffa1ec3033436c4 Added Reference https://git.kernel.org/stable/c/3e411827f31db7f938a30a3c7a7599839401ec30 Added Reference https://git.kernel.org/stable/c/4efd8ef5e40f2c7a4a91a5a9f03140bfa827da89 Added Reference https://git.kernel.org/stable/c/52eafaa56f8f6d6a0cdff9282b25b4acbde34edc Added Reference https://git.kernel.org/stable/c/660a53a0694d1f3789802509fe729dd4656fc5e0 Added Reference https://git.kernel.org/stable/c/9b0a41589ee70529b20e1e0108d03f10c649bdc4 Added Reference https://git.kernel.org/stable/c/a570efb4d877adbf3db2dc95487f2ba6bfdd148a Added Reference https://git.kernel.org/stable/c/cdf41d72e8b015d9ea68f5a1c0a79624e7c312aa Added Reference https://git.kernel.org/stable/c/fda15c5b96b883d62fb2d84a3a1422aa87717897
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-37851 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-37851
weaknesses.