{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-37800", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.941Z", "datePublished": "2025-05-08T06:26:01.125Z", "dateUpdated": "2025-05-26T05:21:09.088Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-26T05:21:09.088Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix potential NULL pointer dereference in dev_uevent()\n\nIf userspace reads \"uevent\" device attribute at the same time as another\nthreads unbinds the device from its driver, change to dev->driver from a\nvalid pointer to NULL may result in crash. Fix this by using READ_ONCE()\nwhen fetching the pointer, and take bus' drivers klist lock to make sure\ndriver instance will not disappear while we access it.\n\nUse WRITE_ONCE() when setting the driver pointer to ensure there is no\ntearing."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/base.h", "drivers/base/bus.c", "drivers/base/core.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "abe56be73eb10a677d16066f65ff9d30251f5eee", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "2b344e779d9afd0fcb5ee4000e4d0fc7d8d867eb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "3781e4b83e174364998855de777e184cf0b62c40", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "18daa52418e7e4629ed1703b64777294209d2622", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/base.h", "drivers/base/bus.c", "drivers/base/core.c"], "versions": [{"version": "6.6.89", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.26", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14.5", "lessThanOrEqual": "6.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.89"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.26"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.14.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/abe56be73eb10a677d16066f65ff9d30251f5eee"}, {"url": "https://git.kernel.org/stable/c/2b344e779d9afd0fcb5ee4000e4d0fc7d8d867eb"}, {"url": "https://git.kernel.org/stable/c/3781e4b83e174364998855de777e184cf0b62c40"}, {"url": "https://git.kernel.org/stable/c/18daa52418e7e4629ed1703b64777294209d2622"}], "title": "driver core: fix potential NULL pointer dereference in dev_uevent()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D51CA5E-345A-4098-B85D-3F2BED7BF3A0", "versionEndExcluding": "6.6.89", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "22F52099-F422-4D19-8283-45F9F9BF4392", "versionEndExcluding": "6.12.26", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B25CA7E-4CD0-46DB-B4EF-13A3516071FB", "versionEndExcluding": "6.14.5", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "8D465631-2980-487A-8E65-40AE2B9F8ED1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "4C9D071F-B28E-46EC-AC61-22B913390211", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "13FC0DDE-E513-465E-9E81-515702D49B74", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix potential NULL pointer dereference in dev_uevent()\n\nIf userspace reads \"uevent\" device attribute at the same time as another\nthreads unbinds the device from its driver, change to dev->driver from a\nvalid pointer to NULL may result in crash. Fix this by using READ_ONCE()\nwhen fetching the pointer, and take bus' drivers klist lock to make sure\ndriver instance will not disappear while we access it.\n\nUse WRITE_ONCE() when setting the driver pointer to ensure there is no\ntearing."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: n\u00facleo del controlador: se corrige una posible desreferencia de puntero nulo en dev_uevent(). Si el espacio de usuario lee el atributo de dispositivo \"uevent\" al mismo tiempo que otro subproceso desvincula el dispositivo de su controlador, cambiar de un puntero v\u00e1lido a nulo en dev->driver puede provocar un fallo. Se soluciona esto usando READ_ONCE() al obtener el puntero y bloqueando la lista de k de los controladores del bus para garantizar que la instancia del controlador no desaparezca al acceder a ella. Use WRITE_ONCE() al configurar el puntero del controlador para evitar cortes."}], "id": "CVE-2025-37800", "lastModified": "2025-06-05T14:32:50.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-08T07:15:50.420", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/18daa52418e7e4629ed1703b64777294209d2622"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2b344e779d9afd0fcb5ee4000e4d0fc7d8d867eb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3781e4b83e174364998855de777e184cf0b62c40"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/abe56be73eb10a677d16066f65ff9d30251f5eee"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: driver core: fix potential NULL pointer dereference in dev_uevent()", "id": "2365015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365015"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndriver core: fix potential NULL pointer dereference in dev_uevent()\nIf userspace reads \"uevent\" device attribute at the same time as another\nthreads unbinds the device from its driver, change to dev->driver from a\nvalid pointer to NULL may result in crash. Fix this by using READ_ONCE()\nwhen fetching the pointer, and take bus' drivers klist lock to make sure\ndriver instance will not disappear while we access it.\nUse WRITE_ONCE() when setting the driver pointer to ensure there is no\ntearing."], "name": "CVE-2025-37800", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-37800\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-37800\nhttps://lore.kernel.org/linux-cve-announce/2025050808-CVE-2025-37800-ea7c@gregkh/T"], "statement": "The attack could happen only during driver unloading. It would not be possible to trigger it without enough privileges to do this, so the security impact is limited. Keeping Moderate level of severity.", "threat_severity": "Moderate"}