CVE-2025-37803: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37803 is a buffer size overflow vulnerability discovered in the Linux kernel's udmabuf component, specifically during udmabuf creation when calculating pglimit. The vulnerability was identified and disclosed on May 8, 2025 (NVD, CVE).

The vulnerability stems from an issue in the Linux kernel where a buffer size overflow can occur during udmabuf creation due to improper size calculation. The fix involves casting sizelimitmb to u64 when calculating pglimit. According to the Debian Security Tracker, this vulnerability affects multiple Linux kernel versions, including 5.10.223-1 and 6.1.129-1, with fixes implemented in version 6.12.27-1 (Debian Tracker).

The vulnerability affects various Linux distributions including Debian 11, 12, Red Hat Enterprise Linux 9, and Ubuntu versions ranging from 16.04 to 25.04. According to Wiz security analysis, the vulnerability has an Exploitation Probability Percentile (EPSS) of 5.1 (Wiz).

Fixed versions have been released for some distributions. Debian Sid and Trixie have been patched with version 6.12.27-1. Ubuntu and Red Hat have acknowledged the vulnerability and are working on fixes. Users are advised to update their systems to the latest available kernel version that includes the fix (Debian Tracker).