CVE-2025-37846

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET* and reading it can result in a UBSAN out-of-bounds array access error, specifically when the MOPS exception is taken from a SET* sequence with XZR (reg 31) as the source. Architecturally this is the only case where a src/dst/size field in the ESR can be reported as 31. Prior to 2de451a329cf662b the code in do_el0_mops() was benign as the use of pt_regs_read_reg() prevented the out-of-bounds access.

Reserved 2025-04-16 | Published 2025-05-09 | Updated 2025-05-09 | Assigner Linux

Product status

Default status
unaffected

2de451a329cf662beeba71f63c7f83ee24ca6642 before eec737e17e5567e08148550a7f1d94d495b9fb17
affected

2de451a329cf662beeba71f63c7f83ee24ca6642 before 43267d934eacff6c70e15545d804ebbcab8a0bf5
affected

2de451a329cf662beeba71f63c7f83ee24ca6642 before 5f6022a74147675124b781fdc056b291850e7786
affected

2de451a329cf662beeba71f63c7f83ee24ca6642 before a13bfa4fe0d6949cea14718df2d1fe84c38cd113
affected

Default status
affected

6.7
affected

Any version before 6.7
unaffected

6.12.24
unaffected

6.13.12
unaffected

6.14.3
unaffected

6.15-rc1
unaffected

References

git.kernel.org/...c/eec737e17e5567e08148550a7f1d94d495b9fb17

git.kernel.org/...c/43267d934eacff6c70e15545d804ebbcab8a0bf5

git.kernel.org/...c/5f6022a74147675124b781fdc056b291850e7786

git.kernel.org/...c/a13bfa4fe0d6949cea14718df2d1fe84c38cd113

cve.org (CVE-2025-37846)

nvd.nist.gov (CVE-2025-37846)

Download JSON