CVE-2025-37809

MEDIUM

Linux Kernel - NULL Pointer Dereference in USB Type-C Class

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: class: Fix NULL pointer access

Concurrent calls to typec_partner_unlink_device can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers and prevent this issue. The same mutex protects both the device pointers and the partner device registration.

Scores

CVSS v3 5.5
EPSS 0.0016
EPSS Percentile 5.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (12)
linux/Kernel 6.13.0 - 6.14.5
linux/Kernel 6.7.0 - 6.12.26
Linux/Linux < 6.7
Linux/Linux 59de2a56d127890cc610f3896d5fc31887c54ac2 - 1fdde62411fe65640e69bc55ea027d5b7b2f0093
Linux/Linux 59de2a56d127890cc610f3896d5fc31887c54ac2 - de7c24febd21413ea8f49f61b36338b676c02852
Linux/Linux 59de2a56d127890cc610f3896d5fc31887c54ac2 - ec27386de23a511008c53aa2f3434ad180a3ca9a
Linux/Linux 6.12.26 - 6.12.*
Linux/Linux 6.14.5 - 6.14.*
Linux/Linux 6.15
Linux/Linux 6.7
... and 2 more
Published May 08, 2025
Tracked Since Feb 18, 2026