{"id":"CVE-2025-37846","summary":"arm64: mops: Do not dereference src reg for a set operation","details":"In the Linux kernel, the following vulnerability has been resolved:\n\narm64: mops: Do not dereference src reg for a set operation\n\nThe source register is not used for SET* and reading it can result in\na UBSAN out-of-bounds array access error, specifically when the MOPS\nexception is taken from a SET* sequence with XZR (reg 31) as the\nsource. Architecturally this is the only case where a src/dst/size\nfield in the ESR can be reported as 31.\n\nPrior to 2de451a329cf662b the code in do_el0_mops() was benign as the\nuse of pt_regs_read_reg() prevented the out-of-bounds access.","modified":"2026-03-20T12:42:30.469051Z","published":"2025-05-09T06:41:54.648Z","related":["SUSE-SU-2025:01982-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37846.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/43267d934eacff6c70e15545d804ebbcab8a0bf5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5f6022a74147675124b781fdc056b291850e7786"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a13bfa4fe0d6949cea14718df2d1fe84c38cd113"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eec737e17e5567e08148550a7f1d94d495b9fb17"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37846.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37846"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2de451a329cf662beeba71f63c7f83ee24ca6642"},{"fixed":"eec737e17e5567e08148550a7f1d94d495b9fb17"},{"fixed":"43267d934eacff6c70e15545d804ebbcab8a0bf5"},{"fixed":"5f6022a74147675124b781fdc056b291850e7786"},{"fixed":"a13bfa4fe0d6949cea14718df2d1fe84c38cd113"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37846.json"}}],"schema_version":"1.7.5"}