CVE-2025-37994

MEDIUM

Linux Kernel 5.2-6.14.7 - NULL Pointer Dereference in UCSI DisplayPort Workqueue

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the partner removal.

References (10)

Core 10

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Patch

https://git.kernel.org/stable/c/9dda1e2a666a8a32ce0f153b5dee05c7351f1020

Patch

https://git.kernel.org/stable/c/a9931f1b52b2d0bf3952e003fd5901ea7eb851ed

Patch

https://git.kernel.org/stable/c/7804c4d63edfdd5105926cc291e806e8f4ce01b5

Patch

https://git.kernel.org/stable/c/076ab0631ed4928905736f1701e25f1e722bc086

Patch

https://git.kernel.org/stable/c/14f298c52188c34acde9760bf5abc669c5c36fdb

Patch

https://git.kernel.org/stable/c/5ad298d6d4aebe1229adba6427e417e89a5208d8

Patch

https://git.kernel.org/stable/c/e9b63faf5c97deb43fc39a52edbc39d626cc14bf

Patch

https://git.kernel.org/stable/c/312d79669e71283d05c05cc49a1a31e59e3d9e0e

Scores

CVSS v3 5.5

EPSS 0.0012

EPSS Percentile 30.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (28)

debian/debian_linux 11.0

linux/Kernel 5.11.0 - 5.15.183linux

linux/Kernel 5.16.0 - 6.1.139linux

linux/Kernel 5.2.0 - 5.4.294linux

linux/Kernel 5.5.0 - 5.10.238linux

linux/Kernel 6.13.0 - 6.14.7linux

linux/Kernel 6.2.0 - 6.6.91linux

linux/Kernel 6.7.0 - 6.12.29linux

Linux/Linux < 5.2

Linux/Linux 5.10.238 - 5.10.*

... and 18 more

Published May 29, 2025

Tracked Since Feb 18, 2026