CVE-2025-37811

MEDIUM EPSS 4.6%
Published May 8, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 8, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for the corresponding data->usbmisc_data to have a NULL value. Check that before dereferencing the pointer. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥5.15.179  –  <5.15.181
linuxlinux_kernel*≥6.1.129  –  <6.1.136
linuxlinux_kernel*≥6.6.72  –  <6.6.89
linuxlinux_kernel*≥6.12.10  –  <6.12.26
linuxlinux_kernel*≥6.13.1  –  <6.14.5
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
debiandebian_linux11.0any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/0ee460498ced49196149197c9f6d29a10e5e0798
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/121e9f80ea5478bca3a8f3f26593fd66f87da649
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2aa87bd825377f5073b76701780a902cd0fc725a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4e28f79e3dffa52d327b46d1a78dac16efb5810b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8060b719676e8c0e5a2222c2977ba0458d9d9535
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/887902ca73490f38c69fd6149ef361a041cf912f
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
    Mailing ListThird Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0ee460498ced49196149197c9f6d29a10e5e0798
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/121e9f80ea5478bca3a8f3f26593fd66f87da649
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2aa87bd825377f5073b76701780a902cd0fc725a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4e28f79e3dffa52d327b46d1a78dac16efb5810b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8060b719676e8c0e5a2222c2977ba0458d9d9535
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/887902ca73490f38c69fd6149ef361a041cf912f
    Patch