CVE-2025-37995
Published: May 29, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path causes an attempt to use an uninitialized completion pointer in 'module_kobject_release()'. In this scenario, we just want to release kobject without an extra synchronization required for a regular module unloading process, so adding an extra check whether 'complete()' is actually required makes 'kobject_put()' safe.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 942e443127e928a5631c3d5102aca8c8b3c2dd98 - < 93799fb988757cdacf19acba57807746c00378e6affected 942e443127e928a5631c3d5102aca8c8b3c2dd98 - < a63d99873547d8b39eb2f6db79dd235761e7098aaffected 942e443127e928a5631c3d5102aca8c8b3c2dd98 - < f1c71b4bd721a4ea21da408806964b10468623f2affected 942e443127e928a5631c3d5102aca8c8b3c2dd98 - < 9e7b49ce4f9d0cb5b6e87db9e07a2fb9e754b0ddaffected 942e443127e928a5631c3d5102aca8c8b3c2dd98 - < faa9059631d3491d699c69ecf512de9e1a3d6649+3 more versions |
Linux | Linux | affected 3.12unaffected 0 - < 3.12unaffected 5.4.294 - <= 5.4.*unaffected 5.10.238 - <= 5.10.*unaffected 5.15.183 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now