CVE-2025-37800

Published: May 8, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, change to dev->driver from a valid pointer to NULL may result in crash. Fix this by using READ_ONCE() when fetching the pointer, and take bus' drivers klist lock to make sure driver instance will not disappear while we access it. Use WRITE_ONCE() when setting the driver pointer to ensure there is no tearing.

Vendor	Product	Versions
Linux	Linux	affected `16574dccd8f62dc1b585325f8a6a0aab10047ed8 - < abe56be73eb10a677d16066f65ff9d30251f5eee` affected `16574dccd8f62dc1b585325f8a6a0aab10047ed8 - < 2b344e779d9afd0fcb5ee4000e4d0fc7d8d867eb` affected `16574dccd8f62dc1b585325f8a6a0aab10047ed8 - < 3781e4b83e174364998855de777e184cf0b62c40` affected `16574dccd8f62dc1b585325f8a6a0aab10047ed8 - < 18daa52418e7e4629ed1703b64777294209d2622`
Linux	Linux	affected `2.6.22` unaffected `0 - < 2.6.22` unaffected `6.6.89 - <= 6.6.` unaffected `6.12.26 - <= 6.12.` unaffected `6.14.5 - <= 6.14.*` +1 more versions

References

https://git.kernel.org/stable/c/abe56be73eb10a677d16066f65ff9d30251f5eee

https://git.kernel.org/stable/c/2b344e779d9afd0fcb5ee4000e4d0fc7d8d867eb

https://git.kernel.org/stable/c/3781e4b83e174364998855de777e184cf0b62c40

https://git.kernel.org/stable/c/18daa52418e7e4629ed1703b64777294209d2622

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-37800

Description

Affected Products

References