CVE-2025-37812

Severity Medium · CVSS 3.1 5.5 · EPSS 2.8%
Published May 8, 2025
Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3: Fix deadlock when using NCM gadget

The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845 ("usb: cdnsp: Fix deadlock issue during using NCM gadget").

Under PREEMPT_RT the deadlock can be readily triggered by heavy network traffic, for example using "iperf --bidir" over NCM ethernet link.

The deadlock occurs because the threaded interrupt handler gets preempted by a softirq, but both are protected by the same spinlock. Prevent deadlock by disabling softirq during threaded irq handler.

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 11

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.4 – <5.4.293
linux    linux_kernel   *         ≥5.5 – <5.10.237
linux    linux_kernel   *         ≥5.11 – <5.15.181
linux    linux_kernel   *         ≥5.16 – <6.1.136
linux    linux_kernel   *         ≥6.2 – <6.6.89
linux    linux_kernel   *         ≥6.7 – <6.12.26
linux    linux_kernel   *         ≥6.13 – <6.14.5
linux    linux_kernel   6.15      any
linux    linux_kernel   6.15      any
linux    linux_kernel   6.15      any
debian   debian_linux   11.0      any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/09e90a9689a4aac7a2f726dc2aa472b0b37937b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/48a62deb857f0694f611949015e70ad194d97159
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59a760e4796a3cd88d8b9d7706e0a638de677751
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/74cd6e408a4c010e404832f0e4609d29bf1d0c41
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a1059896f2bfdcebcdc7153c3be2307ea319501f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b96239582531775f2fdcb14de29bdb6870fd4c8c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c27db84ed44e50ff90d9e3a2a25fae2e0a0fa015
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eebfb64c624fc738b669100173344fb441c5e719
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/09e90a9689a4aac7a2f726dc2aa472b0b37937b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/48a62deb857f0694f611949015e70ad194d97159
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59a760e4796a3cd88d8b9d7706e0a638de677751
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/74cd6e408a4c010e404832f0e4609d29bf1d0c41
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a1059896f2bfdcebcdc7153c3be2307ea319501f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b96239582531775f2fdcb14de29bdb6870fd4c8c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c27db84ed44e50ff90d9e3a2a25fae2e0a0fa015
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eebfb64c624fc738b669100173344fb441c5e719
    Patch