{"id":"CVE-2025-37749","summary":"net: ppp: Add bound checking for skb data on ppp_sync_txmung","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ppp: Add bound checking for skb data on ppp_sync_txmung\n\nEnsure we have enough data in linear buffer from skb before accessing\ninitial bytes. This prevents potential out-of-bounds accesses\nwhen processing short packets.\n\nWhen ppp_sync_txmung receives an incoming package with an empty\npayload:\n(remote) gef➤  p *(struct pppoe_hdr *) (skb-\u003ehead + skb-\u003enetwork_header)\n$18 = {\n\ttype = 0x1,\n\tver = 0x1,\n\tcode = 0x0,\n\tsid = 0x2,\n        length = 0x0,\n\ttag = 0xffff8880371cdb96\n}\n\nfrom the skb struct (trimmed)\n      tail = 0x16,\n      end = 0x140,\n      head = 0xffff88803346f400 \"4\",\n      data = 0xffff88803346f416 \":\\377\",\n      truesize = 0x380,\n      len = 0x0,\n      data_len = 0x0,\n      mac_len = 0xe,\n      hdr_len = 0x0,\n\nit is not safe to access data[2].\n\n[pabeni@redhat.com: fixed subj typo]","modified":"2026-04-02T12:47:22.497941Z","published":"2025-05-01T12:55:55.316Z","related":["ALSA-2025:20095","ALSA-2025:7903","SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01965-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:01972-1","SUSE-SU-2025:01983-1","SUSE-SU-2025:02000-1","SUSE-SU-2025:20408-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20419-1","SUSE-SU-2025:20421-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37749.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1f6eb9fa87a781d5370c0de7794ae242f1a95ee5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/529401c8f12ecc35f9ea5d946d5a5596cf172b48"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6e8a6bf43cea4347121ab21bb1ed8d7bef7e732e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/99aa698dec342a07125d733e39aab4394b3b7e05"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aabc6596ffb377c4c9c8f335124b92ea282c9821"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b4c836d33ca888695b2f2665f948bc1b34fbd533"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b78f2b458f56a5a4d976c8e01c43dbf58d3ea2ca"},{"type":"WEB","url":"https://git.kernel.org/stable/c/de5a4f0cba58625e88b7bebd88f780c8c0150997"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fbaffe8bccf148ece8ad67eb5d7aa852cabf59c8"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37749.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37749"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"529401c8f12ecc35f9ea5d946d5a5596cf172b48"},{"fixed":"de5a4f0cba58625e88b7bebd88f780c8c0150997"},{"fixed":"99aa698dec342a07125d733e39aab4394b3b7e05"},{"fixed":"b78f2b458f56a5a4d976c8e01c43dbf58d3ea2ca"},{"fixed":"fbaffe8bccf148ece8ad67eb5d7aa852cabf59c8"},{"fixed":"b4c836d33ca888695b2f2665f948bc1b34fbd533"},{"fixed":"1f6eb9fa87a781d5370c0de7794ae242f1a95ee5"},{"fixed":"6e8a6bf43cea4347121ab21bb1ed8d7bef7e732e"},{"fixed":"aabc6596ffb377c4c9c8f335124b92ea282c9821"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37749.json"}}],"schema_version":"1.7.5"}