CVE - CVE-2025-37991

CVE-ID
CVE-2025-37991	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in the signal handler. Dave analyzed it, and it happens because glibc uses a double-word floating-point store to atomically update function descriptors. As a result of lazy binding, we hit a floating-point store in fpe_func almost immediately. When the T bit is set, an assist exception trap occurs when when the co-processor encounters any floating-point instruction except for a double store of register %fr0. The latter cancels all pending traps. Let's fix this by clearing the Trap (T) bit in the FP status register before returning to the signal handler in userspace. The issue can be reproduced with this test program: root@parisc:~# cat fpe.c static void fpe_func(int sig, siginfo_t i, void v) { sigset_t set; sigemptyset(&set); sigaddset(&set, SIGFPE); sigprocmask(SIG_UNBLOCK, &set, NULL); printf("GOT signal %d with si_code %ld\n", sig, i->si_code); } int main() { struct sigaction action = { .sa_sigaction = fpe_func, .sa_flags = SA_RESTART\|SA_SIGINFO }; sigaction(SIGFPE, &action, 0); feenableexcept(FE_OVERFLOW); return printf("%lf\n",1.7976931348623158E3081.7976931348623158E308); } root@parisc:~# gcc fpe.c -lm root@parisc:~# ./a.out Floating point exception root@parisc:~# strace -f ./a.out execve("./a.out", ["./a.out"], 0xf9ac7034 / 20 vars /) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=81921024, rlim_max=RLIM_INFINITY}) = 0 ... rt_sigaction(SIGFPE, {sa_handler=0x1110a, sa_mask=[], sa_flags=SA_RESTART\|SA_SIGINFO}, NULL, 8) = 0 --- SIGFPE {si_signo=SIGFPE, si_code=FPE_FLTOVF, si_addr=0x1078f} --- --- SIGFPE {si_signo=SIGFPE, si_code=FPE_FLTOVF, si_addr=0xf8f21237} --- +++ killed by SIGFPE +++ Floating point exception
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/6a098c51d18ec99485668da44294565c43dbc106 URL:https://git.kernel.org/stable/c/6a098c51d18ec99485668da44294565c43dbc106 MISC:https://git.kernel.org/stable/c/6c639af49e9e5615a8395981eaf5943fb40acd6f URL:https://git.kernel.org/stable/c/6c639af49e9e5615a8395981eaf5943fb40acd6f MISC:https://git.kernel.org/stable/c/cf21e890f56b7d0038ddaf25224e4f4c69ecd143 URL:https://git.kernel.org/stable/c/cf21e890f56b7d0038ddaf25224e4f4c69ecd143 MISC:https://git.kernel.org/stable/c/de3629baf5a33af1919dec7136d643b0662e85ef URL:https://git.kernel.org/stable/c/de3629baf5a33af1919dec7136d643b0662e85ef MISC:https://git.kernel.org/stable/c/df3592e493d7f29bae4ffde9a9325de50ddf962e URL:https://git.kernel.org/stable/c/df3592e493d7f29bae4ffde9a9325de50ddf962e MISC:https://git.kernel.org/stable/c/ec4584495868bd465fe60a3f771915c0e7ce7951 URL:https://git.kernel.org/stable/c/ec4584495868bd465fe60a3f771915c0e7ce7951
Assigning CNA
kernel.org
Date Record Created
20250416	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250416)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)