CVE-2025-37811

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

n the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for the corresponding data->usbmisc_data to have a NULL value. Check that before dereferencing the pointer. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool.

References

Link	Resource
https://git.kernel.org/stable/c/0ee460498ced49196149197c9f6d29a10e5e0798	Patch
https://git.kernel.org/stable/c/121e9f80ea5478bca3a8f3f26593fd66f87da649	Patch
https://git.kernel.org/stable/c/2aa87bd825377f5073b76701780a902cd0fc725a	Patch
https://git.kernel.org/stable/c/4e28f79e3dffa52d327b46d1a78dac16efb5810b	Patch
https://git.kernel.org/stable/c/8060b719676e8c0e5a2222c2977ba0458d9d9535	Patch
https://git.kernel.org/stable/c/887902ca73490f38c69fd6149ef361a041cf912f	Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:-::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc3::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

12 Nov 2025, 21:40

Type	Values Removed	Values Added
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel:6.15:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc3:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:-:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc2::::::
References	~~() https://git.kernel.org/stable/c/0ee460498ced49196149197c9f6d29a10e5e0798 -~~	() https://git.kernel.org/stable/c/0ee460498ced49196149197c9f6d29a10e5e0798 - Patch
References	~~() https://git.kernel.org/stable/c/121e9f80ea5478bca3a8f3f26593fd66f87da649 -~~	() https://git.kernel.org/stable/c/121e9f80ea5478bca3a8f3f26593fd66f87da649 - Patch
References	~~() https://git.kernel.org/stable/c/2aa87bd825377f5073b76701780a902cd0fc725a -~~	() https://git.kernel.org/stable/c/2aa87bd825377f5073b76701780a902cd0fc725a - Patch
References	~~() https://git.kernel.org/stable/c/4e28f79e3dffa52d327b46d1a78dac16efb5810b -~~	() https://git.kernel.org/stable/c/4e28f79e3dffa52d327b46d1a78dac16efb5810b - Patch
References	~~() https://git.kernel.org/stable/c/8060b719676e8c0e5a2222c2977ba0458d9d9535 -~~	() https://git.kernel.org/stable/c/8060b719676e8c0e5a2222c2977ba0458d9d9535 - Patch
References	~~() https://git.kernel.org/stable/c/887902ca73490f38c69fd6149ef361a041cf912f -~~	() https://git.kernel.org/stable/c/887902ca73490f38c69fd6149ef361a041cf912f - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -~~	() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html - Mailing List, Third Party Advisory
First Time		Debian Linux linux Kernel Debian debian Linux Linux

03 Nov 2025, 20:18

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -

08 May 2025, 14:39

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: chipidea: ci_hdrc_imx: corrección del manejo de usbmisc. usbmisc es una propiedad opcional del dispositivo, por lo que es totalmente válido que el valor correspondiente de data->usbmisc_data sea nulo. Verifique esto antes de desreferenciar el puntero. Encontrado por el Centro de Verificación de Linux (linuxtesting.org) con la herramienta de análisis estático Svace.

08 May 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-08 07:15

Updated : 2025-11-12 21:40

NVD link : CVE-2025-37811

Mitre link : CVE-2025-37811

CVE.ORG link : CVE-2025-37811

JSON object : View

Products Affected

linux

linux_kernel

debian

debian_linux

CWE

CWE-476

NULL Pointer Dereference

5.5 /10