PT-2025-17302 · Linux+6 · Linux Kernel+6

Published: 2024-09-18 · Updated: 2026-05-26 · CVE-2025-37838

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free vulnerability has been identified in the Linux kernel, specifically in the ssi_protocol driver, caused by a race condition. In the ssi_protocol_probe() function, &ssi->work is bound to ssip_xmit_work(). When the module is removed, ssi_protocol_remove() is called to clean up and frees ssi through kfree(ssi), but the work mentioned above may still be used, leading to a potential UAF bug. The vulnerability can be exploited when the module is removed while the work is being executed. The estimated number of potentially affected devices worldwide is not available.

Recommendations

To resolve the issue, ensure that the work is canceled before proceeding with the cleanup in ssi_protocol_remove(). As a temporary workaround, consider disabling the ssip_xmit_work() function until a patch is available. Restrict access to the ssi_protocol driver to minimize the risk of exploitation. Avoid using the ssi structure in the affected driver until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-6032
ALT-PU-2025-7195
BDU:2025-12074
CVE-2025-37838
DLA-4178-1
DLA-4193-1
DSA-5907-1
ECHO-4128-2982-6932
USN-7594-1
USN-7594-2
USN-7594-3
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7686-1
USN-7711-1
USN-7712-1
USN-7712-2
USN-7853-1
USN-7853-2
USN-7853-3
USN-7854-1
USN-7861-1
USN-7861-2
USN-7861-3
USN-7861-4
USN-7861-5
USN-7863-1
USN-7864-1
USN-7865-1
USN-7874-1
USN-7874-2
USN-7874-3
USN-7875-1
USN-7935-1
USN-7937-1
USN-7939-1
USN-7939-2
USN-7940-1
USN-7940-2

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu