CVE-2025-37813

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, specifically in the xhci (Extensible Host Controller Interface) component related to the Etron workaround. The issue involves an invalid pointer dereference that can cause the kernel to crash or load incorrect data, potentially leading to system instability. This problem is encountered when the enqueue pointer points to the final link TRB (Transaction Request Block) of a segment, which happens approximately 0.4% of the time the code is executed. As a result, enqueue + 1 becomes an invalid pointer, leading to immediate kernel crashes or the loading of junk data that may resemble a link TRB, causing the real link TRB to be replaced with a NOOP (No Operation) command. The vulnerability has been observed to cause system crashes, particularly during stress tests involving control transfers with an Etron HC device.

Recommendations To resolve the issue, apply the provided patch that replaces the problematic test with a functionally equivalent one that does not dereference the pointer and always yields a correct result. This patch has been confirmed to prevent system crashes during control transfer stress tests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.