PT-2025-18476 · Linux+6 · Linux Kernel+6

Published

2025-04-02

·

Updated

2026-04-20

·

CVE-2025-37796

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use after free issue has been resolved in the Linux kernel. The problem occurs when the memory pointed to by priv is freed at the end of the at76 delete device function, but the code then attempts to access the udev field of the freed object to put the USB device. This may also lead to a memory leak of the USB device. The issue is fixed by using udev from the interface.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-12108
CVE-2025-37796
DLA-4178-1
DLA-4193-1
ECHO-7A2C-C3AF-E9DD
OESA-2025-2054
OESA-2025-2055
OESA-2025-2056
OESA-2025-2058
OESA-2025-2059
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:01983-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_01983-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7686-1
USN-7711-1
USN-7712-1
USN-7712-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu