CVE-2025-37809 (GCVE-0-2025-37809)
Vulnerability from cvelistv5
Published
2025-05-08 06:26
Modified
2025-05-26 05:21
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unlink_device can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers and prevent this issue. The same mutex protects both the device pointers and the partner device registration.
References
Impacted products
Vendor Product Version
Linux Linux Version: 59de2a56d127890cc610f3896d5fc31887c54ac2
Version: 59de2a56d127890cc610f3896d5fc31887c54ac2
Version: 59de2a56d127890cc610f3896d5fc31887c54ac2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/typec/class.c",
            "drivers/usb/typec/class.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "de7c24febd21413ea8f49f61b36338b676c02852",
              "status": "affected",
              "version": "59de2a56d127890cc610f3896d5fc31887c54ac2",
              "versionType": "git"
            },
            {
              "lessThan": "1fdde62411fe65640e69bc55ea027d5b7b2f0093",
              "status": "affected",
              "version": "59de2a56d127890cc610f3896d5fc31887c54ac2",
              "versionType": "git"
            },
            {
              "lessThan": "ec27386de23a511008c53aa2f3434ad180a3ca9a",
              "status": "affected",
              "version": "59de2a56d127890cc610f3896d5fc31887c54ac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/typec/class.c",
            "drivers/usb/typec/class.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.26",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.5",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: class: Fix NULL pointer access\n\nConcurrent calls to typec_partner_unlink_device can lead to a NULL pointer\ndereference. This patch adds a mutex to protect USB device pointers and\nprevent this issue. The same mutex protects both the device pointers and\nthe partner device registration."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:21:19.579Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/de7c24febd21413ea8f49f61b36338b676c02852"
        },
        {
          "url": "https://git.kernel.org/stable/c/1fdde62411fe65640e69bc55ea027d5b7b2f0093"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec27386de23a511008c53aa2f3434ad180a3ca9a"
        }
      ],
      "title": "usb: typec: class: Fix NULL pointer access",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37809",
    "datePublished": "2025-05-08T06:26:07.510Z",
    "dateReserved": "2025-04-16T04:51:23.942Z",
    "dateUpdated": "2025-05-26T05:21:19.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-37809\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-08T07:15:52.087\",\"lastModified\":\"2025-05-08T14:39:09.683\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nusb: typec: class: Fix NULL pointer access\\n\\nConcurrent calls to typec_partner_unlink_device can lead to a NULL pointer\\ndereference. This patch adds a mutex to protect USB device pointers and\\nprevent this issue. The same mutex protects both the device pointers and\\nthe partner device registration.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: class: Fix. Acceso a punteros nulos. Las llamadas simult\u00e1neas a typec_partner_unlink_device pueden provocar una desreferencia de punteros nulos. Este parche a\u00f1ade un mutex para proteger los punteros de dispositivos USB y evitar este problema. Este mismo mutex protege tanto los punteros de dispositivo como el registro del dispositivo asociado.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1fdde62411fe65640e69bc55ea027d5b7b2f0093\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/de7c24febd21413ea8f49f61b36338b676c02852\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ec27386de23a511008c53aa2f3434ad180a3ca9a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.