CVE-2025-37800

Advisory lineage Upstream: 0 Downstream: 35

Downstream

DEBIAN-CVE-2025-37800 MGASA-2025-0182 MGASA-2025-0183 SUSE-SU-2025:02249-1 SUSE-SU-2025:02254-1 SUSE-SU-2025:02307-1

Analyzed

Published: 08 May 2025, 06:26

Last modified:11 May 2026, 21:15

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.05% LOW

0% probability +0.03%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 May 2025, 06:26

Published

Vulnerability first disclosed

11 May 2026, 21:15

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, change to dev->driver from a valid pointer to NULL may result in crash. Fix this by using READ_ONCE() when fetching the pointer, and take bus' drivers klist lock to make sure driver instance will not disappear while we access it. Use WRITE_ONCE() when setting the driver pointer to ensure there is no tearing.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.05%• Percentile: 17%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ 16574dccd8f62dc1b585325f8a6a0aab10047ed8, < abe56be73eb10a677d16066f65ff9d30251f5eee | ≥ 16574dccd8f62dc1b585325f8a6a0aab10047ed8, < 2b344e779d9afd0fcb5ee4000e4d0fc7d8d867eb | ≥ 16574dccd8f62dc1b585325f8a6a0aab10047ed8, < 3781e4b83e174364998855de777e184cf0b62c40 | ≥ 16574dccd8f62dc1b585325f8a6a0aab10047ed8, < 18daa52418e7e4629ed1703b64777294209d2622 | 2.6.22
linux•linux_kernel
< 6.6.89 | ≥ 6.7, < 6.12.26 | ≥ 6.13, < 6.14.5 | 6.15:rc1 | 6.15:rc2 | 6.15:rc3