CVE-2025-37810: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37810 was disclosed on May 8, 2025, affecting the Linux kernel's USB DWC3 gadget driver. The vulnerability involves an event count validation issue where there is a check for the count being zero, but not for exceeding the event buffer length (NVD).

The vulnerability exists in the DWC3_GEVNTCOUNT register handling where the event count is read but not properly validated against the event buffer length. While there is a check for the count being zero, there is no verification that the count doesn't exceed the buffer length, potentially leading to an out-of-bounds memory access during memcpy operations (Wiz).

The vulnerability can result in a kernel paging request failure and system crash, as evidenced by the crash log showing an inability to handle kernel paging requests at virtual address ffffffc0129be000. This occurs during the memcpy operation in the dwc3checkevent_buf function (NVD).

The vulnerability has been patched in the Linux kernel through a fix that implements proper event count validation against the event buffer length. Various Linux distributions are in the process of releasing updated kernel packages to address this issue (Wiz).