Description

In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, only introduced by the "datadir+" feature, but without actually handling this case, resulting in an Oops. Fix by disallowing datadir without lowerdir.

INFO

Published Date :

2025-05-09T06:43:54.250Z

Last Modified :

2025-05-26T05:22:33.385Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-37863 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-37863.

URL Resource
https://git.kernel.org/stable/c/0874b629f65320778e7e3e206177770666d9db18 cve-icon cve-icon
https://git.kernel.org/stable/c/21d2ffb0e9838a175064c22f3a9de97d1f56f27d cve-icon cve-icon
https://git.kernel.org/stable/c/b9e3579213ba648fa23f780e8d53e99011c62331 cve-icon cve-icon
https://git.kernel.org/stable/c/eb3a04a8516ee9b5174379306f94279fc90424c4 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025050956-CVE-2025-37863-dcf9@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-37863 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-37863 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact