CVE-2025-37916

HIGH EPSS 6.8%
Published May 20, 20251y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published May 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: pds_core: remove write-after-free of client_id A use-after-free error popped up in stress testing: [Mon Apr 21 21:21:33 2025] BUG: KFENCE: use-after-free write in pdsc_auxbus_dev_del+0xef/0x160 [pds_core] [Mon Apr 21 21:21:33 2025] Use-after-free write at 0x000000007013ecd1 (in kfence-#47): [Mon Apr 21 21:21:33 2025] pdsc_auxbus_dev_del+0xef/0x160 [pds_core] [Mon Apr 21 21:21:33 2025] pdsc_remove+0xc0/0x1b0 [pds_core] [Mon Apr 21 21:21:33 2025] pci_device_remove+0x24/0x70 [Mon Apr 21 21:21:33 2025] device_release_driver_internal+0x11f/0x180 [Mon Apr 21 21:21:33 2025] driver_detach+0x45/0x80 [Mon Apr 21 21:21:33 2025] bus_remove_driver+0x83/0xe0 [Mon Apr 21 21:21:33 2025] pci_unregister_driver+0x1a/0x80 The actual device uninit usually happens on a separate thread scheduled after this code runs, but there is no guarantee of order of thread execution, so this could be a problem. There's no actual need to clear the client_id at this point, so simply remove the offending code.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
6.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥6.4  –  <6.6.90
linuxlinux_kernel*≥6.7  –  <6.12.28
linuxlinux_kernel*≥6.13  –  <6.14.6
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/26dc701021302f11c8350108321d11763bd81dfe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b467c5bcdb45a41d2a49fbb9ffca73d1380e99b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c649b9653ed09196e91d3f4b16b679041b3c42e6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dfd76010f8e821b66116dec3c7d90dd2403d1396
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/26dc701021302f11c8350108321d11763bd81dfe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b467c5bcdb45a41d2a49fbb9ffca73d1380e99b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c649b9653ed09196e91d3f4b16b679041b3c42e6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dfd76010f8e821b66116dec3c7d90dd2403d1396
    Patch