CVE-2025-37892
📋 TL;DR
This CVE describes a missing error check in the Linux kernel's INFTL (Inverse NAND Flash Translation Layer) subsystem. If the inftl_read_oob() function fails in INFTL_findwriteunit(), the system doesn't handle the error properly, potentially leading to memory corruption or system crashes. This affects Linux systems using MTD (Memory Technology Device) with INFTL support.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, or potential privilege escalation if memory corruption can be controlled.
Likely Case
System instability or crashes when accessing corrupted flash memory through the INFTL subsystem.
If Mitigated
Minimal impact if systems don't use INFTL or have proper error handling in place.
🎯 Exploit Status
Exploitation requires triggering the specific error condition in inftl_read_oob() through hardware interaction or corrupted flash memory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 0300e751170cf80c05ca1a762a7b449e8ca6b693, 114d94f095aa405fa9a51484c4be34846d7bb386, 1c22356dfb041e5292835c9ff44d5f91bef8dd18, 5479a6af3c96f73bec2d2819532b6d6814f52dd6, 6af3b92b1c0b58ca281d0e1501bad2567f73c1a5
Vendor Advisory: https://git.kernel.org/stable/c/0300e751170cf80c05ca1a762a7b449e8ca6b693
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits. 2. Rebuild kernel if compiling from source. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable INFTL support
linuxDisable the INFTL subsystem if not needed
Disable CONFIG_MTD_INFTL in kernel configuration and rebuild kernel
🧯 If You Can't Patch
- Restrict physical access to systems using INFTL devices
- Implement strict access controls for users who can interact with MTD devices
🔍 How to Verify
Check if Vulnerable:
Check if kernel has INFTL support enabled: grep CONFIG_MTD_INFTL /boot/config-$(uname -r) or check kernel configCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits or check if error handling is present in INFTL_findwriteunit() function📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- MTD/INFTL error messages in dmesg
- System crashes when accessing flash storage
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Search for kernel panic events or MTD subsystem errors in system logs🔗 References
- https://git.kernel.org/stable/c/0300e751170cf80c05ca1a762a7b449e8ca6b693
- https://git.kernel.org/stable/c/114d94f095aa405fa9a51484c4be34846d7bb386
- https://git.kernel.org/stable/c/1c22356dfb041e5292835c9ff44d5f91bef8dd18
- https://git.kernel.org/stable/c/5479a6af3c96f73bec2d2819532b6d6814f52dd6
- https://git.kernel.org/stable/c/6af3b92b1c0b58ca281d0e1501bad2567f73c1a5
- https://git.kernel.org/stable/c/7772621041ee78823ccc5f1fe38f6faa22af7023
- https://git.kernel.org/stable/c/b828d394308e8e00df0a6f57e7dabae609bb8b7b
- https://git.kernel.org/stable/c/d027951dc85cb2e15924c980dc22a6754d100c7c
- https://git.kernel.org/stable/c/e7d6ceff95c55297f0ee8f9dbc4da5c558f30e9e
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
