{"id":"CVE-2025-37879","summary":"9p/net: fix improper handling of bogus negative read/write replies","details":"In the Linux kernel, the following vulnerability has been resolved:\n\n9p/net: fix improper handling of bogus negative read/write replies\n\nIn p9_client_write() and p9_client_read_once(), if the server\nincorrectly replies with success but a negative write/read count then we\nwould consider written (negative) \u003c= rsize (positive) because both\nvariables were signed.\n\nMake variables unsigned to avoid this problem.\n\nThe reproducer linked below now fails with the following error instead\nof a null pointer deref:\n9pnet: bogus RWRITE count (4294967295 \u003e 3)","modified":"2026-05-07T04:16:47.610484Z","published":"2025-05-09T06:45:43.197Z","related":["SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01965-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:01972-1","SUSE-SU-2025:01983-1","SUSE-SU-2025:02000-1","SUSE-SU-2025:20408-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20419-1","SUSE-SU-2025:20421-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37879.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/374e4cd75617c8c2552f562f39dd989583f5c330"},{"type":"WEB","url":"https://git.kernel.org/stable/c/468ff4a7c61fb811c596a7c44b6a5455e40fd12b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a68768e280b7d0c967ea509e791bb9b90adc94a5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c548f95688e2b5ae0e2ae43d53cf717156c7d034"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d0259a856afca31d699b706ed5e2adf11086c73b"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37879.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37879"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"070b3656cf228eaaef7b28b59264c5c7cdbdd0fb"},{"fixed":"468ff4a7c61fb811c596a7c44b6a5455e40fd12b"},{"fixed":"a68768e280b7d0c967ea509e791bb9b90adc94a5"},{"fixed":"c548f95688e2b5ae0e2ae43d53cf717156c7d034"},{"fixed":"374e4cd75617c8c2552f562f39dd989583f5c330"},{"fixed":"d0259a856afca31d699b706ed5e2adf11086c73b"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37879.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.1.0"},{"fixed":"6.1.136"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.89"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.26"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.14.5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37879.json"}}],"schema_version":"1.7.5"}