5.5

CVE-2025-37886

EPSS 0.07%
Veröffentlicht 09.05.2025 06:45:48
Zuletzt bearbeitet 12.11.2025 19:36:38
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

pds_core: make wait_context part of q_info

In the Linux kernel, the following vulnerability has been resolved:

pds_core: make wait_context part of q_info

Make the wait_context a full part of the q_info struct rather
than a stack variable that goes away after pdsc_adminq_post()
is done so that the context is still available after the wait
loop has given up.

There was a case where a slow development firmware caused
the adminq request to time out, but then later the FW finally
finished the request and sent the interrupt.  The handler tried
to complete_all() the completion context that had been created
on the stack in pdsc_adminq_post() but no longer existed.
This caused bad pointer usage, kernel crashes, and much wailing
and gnashing of teeth.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 6 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.4 < 6.6.89

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.26

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.5

Linux ≫ Linux Kernel Version6.15 Updaterc1

Linux ≫ Linux Kernel Version6.15 Updaterc2

Linux ≫ Linux Kernel Version6.15 Updaterc3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.2

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/1d7c4b2b0bbfb09b55b2dc0e2355d7936bf89381

Patch

https://git.kernel.org/stable/c/66d7702b42ffdf0dce4808626088268a4e905ca6

Patch

https://git.kernel.org/stable/c/520f012fe75fb8efc9f16a57ef929a7a2115d892

Patch

https://git.kernel.org/stable/c/3f77c3dfffc7063428b100c4945ca2a7a8680380

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-37886

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37886

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37886

EUVD