[LTS 8.6] CVE-2025-37803

[pvts-mat]

[LTS 8.6]
CVE-2025-37803
VULN-71332

Problem

https://nvd.nist.gov/vuln/detail/CVE-2025-37803

udmabuf: fix a buf size overflow issue during udmabuf creation

by casting size_limit_mb to u64  when calculate pglimit.

Applicability: no

The affected file drivers/dma-buf/udmabuf.c is present in the ciqlts8_6 version, along with the problematic integer operation:

kernel-src-tree/drivers/dma-buf/udmabuf.c

Line 174 in 499f93a

pglimit = (size_limit_mb * 1024 * 1024) >> PAGE_SHIFT;

However, the CONFIG_UDMABUF cannot be found in any configuration variant

$ grep CONFIG_UDMABUF configs/kernel*.config
$ echo $? 
1

Investigating the .config file created after make config + make oldconfig confirms the CONFIG_UDMABUF is disabled:

$ grep CONFIG_UDMABUF .config

# CONFIG_UDMABUF is not set

The udmabuf module can be detected from within the system by checking for /dev/udmabuf device:

[root@ciqlts-8-6 pvts]# ls -lha  /dev/udmabuf
ls: cannot access '/dev/udmabuf': No such file or directory

Version LTS 9.2 for comparison:

[root@ciqlts-9-2 pvts]# ls -lha  /dev/udmabuf
crw-rw----. 1 root kvm 10, 125 Jul  2 21:58 /dev/udmabuf

[PlaidCat]

The fact UDMA buff isn't compiled into the kernel for Rocky8 at the config level and it is also not in Rocky 8.10 means I concur with your analysis. We can mark this not applicable with CIQ supported configs.

[jmaple@devbox configs]$ git branch --show-current
rocky8_10

[jmaple@devbox configs]$ grep CONFIG_UDMABUF  kernel-*.config
kernel-4.18.0-aarch64.config:# CONFIG_UDMABUF is not set
kernel-4.18.0-aarch64-debug.config:# CONFIG_UDMABUF is not set
kernel-4.18.0-ppc64le.config:# CONFIG_UDMABUF is not set
kernel-4.18.0-ppc64le-debug.config:# CONFIG_UDMABUF is not set
kernel-4.18.0-s390x.config:# CONFIG_UDMABUF is not set
kernel-4.18.0-s390x-debug.config:# CONFIG_UDMABUF is not set
kernel-4.18.0-x86_64.config:# CONFIG_UDMABUF is not set
kernel-4.18.0-x86_64-debug.config:# CONFIG_UDMABUF is not set

Thank You