Linux Kernel Vulnerability in Module Management by Vendor
CVE-2025-37995

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
29 May 2025

What is CVE-2025-37995?

A vulnerability exists in the Linux kernel's module management system, where the function 'kobject_put()' may encounter an uninitialized pointer in error handling paths. This occurs in the 'lookup_or_create_module_kobject()' function, leading to potential inconsistencies when releasing module kobjects. An additional validation check has been introduced to ensure that 'kobject_put()' can operate safely, preventing unnecessary synchronization during the unloading process.

Affected Version(s)

Linux 942e443127e928a5631c3d5102aca8c8b3c2dd98

Linux 942e443127e928a5631c3d5102aca8c8b3c2dd98 < 9e7b49ce4f9d0cb5b6e87db9e07a2fb9e754b0dd

Linux 942e443127e928a5631c3d5102aca8c8b3c2dd98

References

https://git.kernel.org/stable/c/f1c71b4bd721a4ea21da40880...
https://git.kernel.org/stable/c/9e7b49ce4f9d0cb5b6e87db9e...
https://git.kernel.org/stable/c/faa9059631d3491d699c69ecf...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-37995 : Linux Kernel Vulnerability in Module Management by Vendor