{"id":"CVE-2025-37879","summary":"9p/net: fix improper handling of bogus negative read/write replies","details":"In the Linux kernel, the following vulnerability has been resolved:\n\n9p/net: fix improper handling of bogus negative read/write replies\n\nIn p9_client_write() and p9_client_read_once(), if the server\nincorrectly replies with success but a negative write/read count then we\nwould consider written (negative) \u003c= rsize (positive) because both\nvariables were signed.\n\nMake variables unsigned to avoid this problem.\n\nThe reproducer linked below now fails with the following error instead\nof a null pointer deref:\n9pnet: bogus RWRITE count (4294967295 \u003e 3)","modified":"2026-04-16T04:38:44.894903233Z","published":"2025-05-09T06:45:43.197Z","related":["SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01965-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:01972-1","SUSE-SU-2025:01983-1","SUSE-SU-2025:02000-1","SUSE-SU-2025:20408-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20419-1","SUSE-SU-2025:20421-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37879.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/374e4cd75617c8c2552f562f39dd989583f5c330"},{"type":"WEB","url":"https://git.kernel.org/stable/c/468ff4a7c61fb811c596a7c44b6a5455e40fd12b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a68768e280b7d0c967ea509e791bb9b90adc94a5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c548f95688e2b5ae0e2ae43d53cf717156c7d034"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d0259a856afca31d699b706ed5e2adf11086c73b"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37879.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37879"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"070b3656cf228eaaef7b28b59264c5c7cdbdd0fb"},{"fixed":"468ff4a7c61fb811c596a7c44b6a5455e40fd12b"},{"fixed":"a68768e280b7d0c967ea509e791bb9b90adc94a5"},{"fixed":"c548f95688e2b5ae0e2ae43d53cf717156c7d034"},{"fixed":"374e4cd75617c8c2552f562f39dd989583f5c330"},{"fixed":"d0259a856afca31d699b706ed5e2adf11086c73b"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37879.json"}}],"schema_version":"1.7.5"}