PT-2025-22273 · Linux+6 · Linux Kernel+6

Published

2025-04-23

·

Updated

2026-04-20

·

CVE-2025-37990

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved. The issue is related to the function brcmf usb dl writeimage() which calls brcmf usb dl cmd() but does not check its return value. If brcmf usb dl cmd() fails, the variables state.state and state.bytes are left uninitialized, which can lead to dangerous conditions when using these uninitialized variables. The fix involves adding error handling for brcmf usb dl cmd() to handle failures properly and improve error messages for more detailed error reporting.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use of Uninitialized Resource

Access of Uninitialized Pointer

Weakness Enumeration

CWE-908CWE-824

Related Identifiers

BDU:2025-12333
CVE-2025-37990
DLA-4271-1
DLA-4327-1
DSA-5925-1
ECHO-BA1E-3FA1-F5DC
MGASA-2025-0182
MGASA-2025-0183
OESA-2025-2120
OESA-2025-2121
OESA-2025-2122
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7649-1
USN-7649-2
USN-7650-1
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7665-1
USN-7665-2
USN-7686-1
USN-7711-1
USN-7712-1
USN-7712-2
USN-7721-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu