CVE-2025-37863

Published: May 9, 2025

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, only introduced by the "datadir+" feature, but without actually handling this case, resulting in an Oops. Fix by disallowing datadir without lowerdir.

Vendor	Product	Versions
Linux	Linux	affected `cc0918b3582c98f12cfb30bf7496496d14bff3e9 - < 0874b629f65320778e7e3e206177770666d9db18` affected `24e16e385f2272b1a9df51337a5c32d28a29c7ad - < b9e3579213ba648fa23f780e8d53e99011c62331` affected `24e16e385f2272b1a9df51337a5c32d28a29c7ad - < 21d2ffb0e9838a175064c22f3a9de97d1f56f27d` affected `24e16e385f2272b1a9df51337a5c32d28a29c7ad - < eb3a04a8516ee9b5174379306f94279fc90424c4` affected `6.6.23 - < 6.6.88`
Linux	Linux	affected `6.7` unaffected `0 - < 6.7` unaffected `6.6.88 - <= 6.6.` unaffected `6.12.25 - <= 6.12.` unaffected `6.14.4 - <= 6.14.*` +1 more versions

References

https://git.kernel.org/stable/c/0874b629f65320778e7e3e206177770666d9db18

https://git.kernel.org/stable/c/b9e3579213ba648fa23f780e8d53e99011c62331

https://git.kernel.org/stable/c/21d2ffb0e9838a175064c22f3a9de97d1f56f27d

https://git.kernel.org/stable/c/eb3a04a8516ee9b5174379306f94279fc90424c4

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-37863

Description

Affected Products

References