Linux Kernel UCSI Driver Vulnerability Affecting DisplayPort Functionality
CVE-2025-37994

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 29 May 2025

What is CVE-2025-37994?

A vulnerability in the Linux kernel's UCSI driver for DisplayPort has been identified, which can result in a NULL pointer dereference. This issue occurs when the driver fails to properly manage the execution of pending tasks within the ucsi_displayport_work workqueue. If not handled correctly, this oversight can lead to potential system instability or application crashes upon partner removal. A fix has been implemented to ensure that this driver appropriately waits for all tasks to complete before proceeding, thereby enhancing operational integrity.

Affected Version(s)

Linux af8622f6a585d8d82b11cd7987e082861fd0edd3 < 7804c4d63edfdd5105926cc291e806e8f4ce01b5

Linux af8622f6a585d8d82b11cd7987e082861fd0edd3 < 076ab0631ed4928905736f1701e25f1e722bc086

Linux af8622f6a585d8d82b11cd7987e082861fd0edd3 < 14f298c52188c34acde9760bf5abc669c5c36fdb

References

https://git.kernel.org/stable/c/7804c4d63edfdd5105926cc29...

https://git.kernel.org/stable/c/076ab0631ed4928905736f170...

https://git.kernel.org/stable/c/14f298c52188c34acde9760bf...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2025
Vulnerability Reserved
Apr 16, 2025