CVE-2025-37800

MEDIUM

Linux kernel - Null Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, change to dev->driver from a valid pointer to NULL may result in crash. Fix this by using READ_ONCE() when fetching the pointer, and take bus' drivers klist lock to make sure driver instance will not disappear while we access it. Use WRITE_ONCE() when setting the driver pointer to ensure there is no tearing.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/abe56be73eb10a677d16066f65ff9d30251f5eee

Patch

https://git.kernel.org/stable/c/2b344e779d9afd0fcb5ee4000e4d0fc7d8d867eb

Patch

https://git.kernel.org/stable/c/3781e4b83e174364998855de777e184cf0b62c40

Patch

https://git.kernel.org/stable/c/18daa52418e7e4629ed1703b64777294209d2622

Scores

CVSS v3 5.5

EPSS 0.0016

EPSS Percentile 5.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (15)

linux/Kernel 2.6.22 - 6.6.89linux

linux/Kernel 6.13.0 - 6.14.5linux

linux/Kernel 6.7.0 - 6.12.26linux

Linux/Linux < 2.6.22

Linux/Linux 16574dccd8f62dc1b585325f8a6a0aab10047ed8 - 18daa52418e7e4629ed1703b64777294209d2622

Linux/Linux 16574dccd8f62dc1b585325f8a6a0aab10047ed8 - 2b344e779d9afd0fcb5ee4000e4d0fc7d8d867eb

Linux/Linux 16574dccd8f62dc1b585325f8a6a0aab10047ed8 - 3781e4b83e174364998855de777e184cf0b62c40

Linux/Linux 16574dccd8f62dc1b585325f8a6a0aab10047ed8 - abe56be73eb10a677d16066f65ff9d30251f5eee

Linux/Linux 2.6.22

Linux/Linux 6.12.26 - 6.12.*

... and 5 more

Published May 08, 2025

Tracked Since Feb 18, 2026