CVE-2025-37813
Published: May 8, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before prepare_transfer() and prepare_ring(), so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of times this code is called. Then enqueue + 1 is an invalid pointer. It will crash the kernel right away or load some junk which may look like a link TRB and cause the real link TRB to be replaced with a NOOP. This wouldn't end well. Use a functionally equivalent test which doesn't dereference the pointer and always gives correct result. Something has crashed my machine twice in recent days while playing with an Etron HC, and a control transfer stress test ran for confirmation has just crashed it again. The same test passes with this patch applied.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected fbc0a0c7718a6cb1dc5e0811a4f88a2b1deedfa1 - < 142273a49f2c315eabdbdf5a71c15e479b75ca91affected 9258c9ed32294ce3a4b58c9d92fc49ba030d35c9 - < bce3055b08e303e28a8751f6073066f5c33a0744affected 5e1c67abc9301d05130b7e267c204e7005503b33 - < 0624e29c595b05e7a0e6d1c368f0a05799928e30affected 5e1c67abc9301d05130b7e267c204e7005503b33 - < 1ea050da5562af9b930d17cbbe9632d30f5df43aaffected 4725344ca645a98a9d8e45e25b01a2244de5b8aa+3 more versions |
Linux | Linux | affected 6.13unaffected 0 - < 6.13unaffected 6.6.89 - <= 6.6.*unaffected 6.12.26 - <= 6.12.*unaffected 6.14.5 - <= 6.14.*+1 more versions |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now