PT-2025-22210 · Linux+6 · Linux Kernel+6

Marek

·

Published

2025-05-07

·

Updated

2026-05-26

·

CVE-2025-37949

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A NULL pointer fault was reported in the xenbus thread callstack. The issue occurs when the req object is freed while the xenbus thread is still using it, causing a kernel NULL pointer dereference. This happens because req->cb is set to xs wake up(), which can cause an immediate reschedule, allowing other processes to run before wake up returns. The problem is resolved by using two krefs on each request, one for the caller and one for xenbus thread, to track the request lifetime.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Locking

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-667CWE-476

Related Identifiers

BDU:2025-12256
CVE-2025-37949
DLA-4271-1
DLA-4327-1
DSA-5925-1
ECHO-E818-03B8-ED6A
MGASA-2025-0182
MGASA-2025-0183
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:01983-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
SUSE-SU-2025_01983-1
SUSE-SU-2025_02000-1
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7686-1
USN-7699-1
USN-7699-2
USN-7711-1
USN-7712-1
USN-7712-2
USN-7721-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu