Linux Kernel USB Component Vulnerability Impacting Device Operations
CVE-2025-37985

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 May 2025

What is CVE-2025-37985?

The Linux Kernel contains a race condition vulnerability in the USB subsystem, specifically within the WDM (Wireless Device Management) component. This issue occurs during the concurrent operations of 'wdm_open' and 'wdm_wwan_port_stop', which can lead to unexpected behavior when trying to manage device resources. If the operation sequence is not handled properly, it can result in opening a character device (chardev) while its URBs (USB Request Blocks) remain compromised, potentially leading to system instability and unreliable device performance.

Affected Version(s)

Linux cac6fb015f719104e60b1c68c15ca5b734f57b9c

Linux cac6fb015f719104e60b1c68c15ca5b734f57b9c < 217fe1fc7d112595a793e02b306710e702eac492

Linux cac6fb015f719104e60b1c68c15ca5b734f57b9c < 54f7f8978af19f899dec80bcc71c8d4855dfbd72

References

https://git.kernel.org/stable/c/b02a3fef3e8c8fe5a0a266f7a...

https://git.kernel.org/stable/c/217fe1fc7d112595a793e02b3...

https://git.kernel.org/stable/c/54f7f8978af19f899dec80bcc...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2025
Vulnerability Reserved
Apr 16, 2025