
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
In the Linux kernel, CVE-2025-37810 addresses a vulnerability in the TIOCL_SELMOUSEREPORT functionality. The CAP_SYS_ADMIN requirement for TIOCL_SELMOUSEREPORT was previously loosened in commit 2f83e38a095f, but the loosened check was found to have inconsistent logic and potential security risks. The vulnerability affects the tty subsystem and was discovered in early 2025 (Linux Kernel).
The vulnerability stems from inconsistent logic in handling the TIOCL_SELMOUSEREPORT mode parameter, whose lower four bits are used as an additional argument. The loosening patch still required CAP_SYS_ADMIN if mouse button bits are set, but did not require it if none of the mouse button bits are set. This inconsistency allows potential attackers to simulate mouse movements and inject input that could be misinterpreted as keyboard input by programs like libreadline/bash (Linux Kernel).
The vulnerability can allow attackers to simulate keyboard input to command line applications on the same terminal, similar to TIOCSTI keystroke injection attacks. While attackers don't have complete control over the escape sequence, they can control values of two consecutive bytes in the binary mouse reporting escape sequence, potentially leading to unauthorized input injection (Linux Kernel).
The fix involves reverting back to requiring CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT, as it was before commit 2f83e38a095f. This is justified since TIOCL_SELMOUSEREPORT is only meant to be used by mouse daemons (GPM or Consolation) which run with CAP_SYS_ADMIN privileges already (Linux Kernel).
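The permission decision described above can be written out as a small userspace model. This is an added example, not the kernel's code: the function names are hypothetical, the two constants carry the values from include/uapi/linux/tiocl.h, and the loop enumerates all 16 mouse-report mode values to show which ones an unprivileged caller could use under each policy.

```c
#include <stdbool.h>
#include <stdio.h>

/* Values as defined in include/uapi/linux/tiocl.h. */
#define TIOCL_SELMOUSEREPORT 16 /* mouse-report selection mode */
#define TIOCL_SELBUTTONMASK  15 /* low four bits: additional argument */

/* Model only (hypothetical helper): is sel_mode a mouse-report mode? */
static bool is_mouse_report(unsigned sel_mode)
{
    return (sel_mode & ~TIOCL_SELBUTTONMASK) == TIOCL_SELMOUSEREPORT;
}

/* Loosened behaviour as the text describes it: CAP_SYS_ADMIN is demanded
 * only when button bits are set in the low four bits of the mode. */
static bool loosened_allows(unsigned sel_mode, bool has_cap_sys_admin)
{
    if ((sel_mode & TIOCL_SELBUTTONMASK) == 0)
        return true;            /* no button bits: check skipped */
    return has_cap_sys_admin;
}

/* Fixed behaviour: every mouse-report mode requires CAP_SYS_ADMIN. */
static bool fixed_allows(unsigned sel_mode, bool has_cap_sys_admin)
{
    (void)sel_mode;
    return has_cap_sys_admin;
}

/* Count mouse-report modes open to a caller without the capability. */
static int unprivileged_modes(bool (*policy)(unsigned, bool))
{
    int n = 0;
    unsigned last = TIOCL_SELMOUSEREPORT | TIOCL_SELBUTTONMASK;
    for (unsigned m = TIOCL_SELMOUSEREPORT; m <= last; m++)
        if (is_mouse_report(m) && policy(m, false))
            n++;
    return n;
}

int main(void)
{
    printf("loosened: %d of 16 modes need no capability\n",
           unprivileged_modes(loosened_allows));
    printf("fixed:    %d of 16 modes need no capability\n",
           unprivileged_modes(fixed_allows));
    return 0;
}
```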
Source: This report was generated using AI