PT-2025-20329 · Linux+6 · Linux Kernel+6

Published: 2025-05-08 · Updated: 2026-04-20 · CVE-2025-37800

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A potential NULL pointer dereference in the dev_uevent() function has been resolved. This issue occurs when userspace reads the "uevent" device attribute at the same time as another thread unbinds the device from its driver, causing a crash. The fix involves using READ_ONCE() when fetching the pointer and taking the bus' drivers klist lock to prevent the driver instance from disappearing while accessing it. Additionally, WRITE_ONCE() is used when setting the driver pointer to ensure there is no tearing.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12647
AZL-63788
BDU:2025-10366
CVE-2025-37800
ECHO-5FB6-DD19-3730
MGASA-2025-0182
MGASA-2025-0183
OESA-2026-1303
OESA-2026-1304
OESA-2026-1305
SUSE-SU-2025:02249-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02334-1
SUSE-SU-2025:02335-1
SUSE-SU-2025:02538-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_02249-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
SUSE-SU-2025_02334-1
SUSE-SU-2025_02335-1
SUSE-SU-2025_02538-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Alt Linux
Astra Linux
Debian
Linux Mint
Linux Kernel
SUSE
Ubuntu