CVE-2025-37866

Summary

In the Linux kernel, the following vulnerability has been resolved:

mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show()

A warning is seen when running the latest kernel on a BlueField SOC: [251.512704] ————[ cut here ]———— [251.512711] invalid sysfs_emit: buf:0000000003aa32ae [251.512720] WARNING: CPU: 1 PID: 705264 at fs/sysfs/file.c:767 sysfs_emit+0xac/0xc8

The warning is triggered because the mlxbf-bootctl driver invokes "sysfs_emit()" with a buffer pointer that is not aligned to the start of the page. The driver should instead use "sysfs_emit_at()" to support non-zero offsets into the destination buffer.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9886f575de5aefcfab537467c72e5176e5301df0 < 5e1dcc5bfd7a2896178c604bc69d6ab9650967daaffected
LinuxLinux9886f575de5aefcfab537467c72e5176e5301df0 < b129005ddfc0e6daf04a6d3b928a9e474f9b3918affected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux6.14.4 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

References