USB Device Pointer Management Vulnerability in Linux Kernel
CVE-2025-37986

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 20 May 2025

What is CVE-2025-37986?

A flaw in the Linux kernel affects USB device pointer management when a Type-C partner disconnects. The patch invalidates the USB device pointers upon partner unregistration, so that the kernel does not execute operations on invalid USB device pointers. This ensures that the system maintains a clean state for future USB device connections, improving overall system stability and security.

Affected Version(s)

Linux 59de2a56d127890cc610f3896d5fc31887c54ac2 < 40966fc9939e85677fdb489dfddfa205baaad03b

Linux 59de2a56d127890cc610f3896d5fc31887c54ac2 < 74911338f47c13d1b9470fc50718182bffad42e2

Linux 59de2a56d127890cc610f3896d5fc31887c54ac2 < 66e1a887273c6b89f09bc11a40d0a71d5a081a8e

Timeline

  • Vulnerability published

  • Vulnerability Reserved
