CVE-2025-37838
Published: Apr 18, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip_pn_setup(), the ssip_pn_xmit() function within the ssip_pn_ops structure is capable of starting the work. If we remove the module which will call ssi_protocol_remove() to make a cleanup, it will free ssi through kfree(ssi), while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | ssip_xmit_work ssi_protocol_remove | kfree(ssi); | | struct hsi_client *cl = ssi->cl; | // use ssi Fix it by ensuring that the work is canceled before proceeding with the cleanup in ssi_protocol_remove().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected df26d639e2f4628732a8da5a0f71e4e652ce809b - < d03abc1c2b21324550fa71e12d53e7d3498e0af6affected df26d639e2f4628732a8da5a0f71e4e652ce809b - < 4a8c29beb8a02b5a0a9d77d608aa14b6f88a6b86affected df26d639e2f4628732a8da5a0f71e4e652ce809b - < 72972552d0d0bfeb2dec5daf343a19018db36ffaaffected df26d639e2f4628732a8da5a0f71e4e652ce809b - < d58493832e284f066e559b8da5ab20c15a2801d3affected df26d639e2f4628732a8da5a0f71e4e652ce809b - < 58eb29dba712ab0f13af59ca2fe545f5ce360e78+4 more versions |
Linux | Linux | affected 4.8unaffected 0 - < 4.8unaffected 5.4.293 - <= 5.4.*unaffected 5.10.237 - <= 5.10.*unaffected 5.15.181 - <= 5.15.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now