CVE-2025-37796

HIGH

Linux Kernel Use-After-Free in at76_disconnect

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: at76c50x: fix use after free access in at76_disconnect The memory pointed to by priv is freed at the end of at76_delete_device function (using ieee80211_free_hw). But the code then accesses the udev field of the freed object to put the USB device. This may also lead to a memory leak of the usb device. Fix this by using udev from interface.

References (10)

Core 10
Core References

Scores

CVSS v3 7.8
EPSS 0.0016
EPSS Percentile 5.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (28)
linux/Kernel 3.17.0 - 5.4.293linux
linux/Kernel 5.11.0 - 5.15.181linux
linux/Kernel 5.16.0 - 6.1.135linux
linux/Kernel 5.5.0 - 5.10.237linux
linux/Kernel 6.13.0 - 6.14.4linux
linux/Kernel 6.2.0 - 6.6.88linux
linux/Kernel 6.7.0 - 6.12.25linux
Linux/Linux < 3.17
Linux/Linux 29e20aa6c6aff35c81d4da2e2cd516dadb569061 - 152721cbae42713ecfbca6847e0f102ee6b19546
Linux/Linux 29e20aa6c6aff35c81d4da2e2cd516dadb569061 - 27c7e63b3cb1a20bb78ed4a36c561ea4579fd7da
... and 18 more
Published May 01, 2025
Tracked Since Feb 18, 2026