PT-2025-20348 · Linux+7 · Linux Kernel+7

Published

2025-04-26

·

Updated

2026-05-26

·

CVE-2025-37819

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use-after-free issue has been identified in the Linux kernel, specifically in the irqchip/gic-v2m component. The gicv2m get fwnode() function is registered with the PCI subsystem as pci msi get fwnode cb(), but it is incorrectly marked as init, causing it to be freed while still being used. This can lead to a kernel paging request error, which can be reproduced on a Juno board with ACPI boot.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2026:1690
ALSA-2026:2212
BDU:2025-12086
CVE-2025-37819
DLA-4271-1
DLA-4327-1
DSA-5925-1
ECHO-547D-ACF2-54F1
MGASA-2025-0182
MGASA-2025-0183
OESA-2025-2077
OESA-2025-2078
OESA-2025-2079
RHSA-2026:1194
RHSA-2026:1236
RHSA-2026:1444
RHSA-2026:1690
RHSA-2026:2212
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7686-1
USN-7711-1
USN-7712-1
USN-7712-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Rocky Linux
Suse
Ubuntu