4.7

CVE-2025-37985

USB: wdm: close race between wdm_open and wdm_wwan_port_stop

In the Linux kernel, the following vulnerability has been resolved:

USB: wdm: close race between wdm_open and wdm_wwan_port_stop

Clearing WDM_WWAN_IN_USE must be the last action or
we can open a chardev whose URBs are still poisoned
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.14 < 5.15.181
LinuxLinux Kernel Version >= 5.16 < 6.1.136
LinuxLinux Kernel Version >= 6.2 < 6.6.89
LinuxLinux Kernel Version >= 6.7 < 6.12.26
LinuxLinux Kernel Version >= 6.13 < 6.14.5
LinuxLinux Kernel Version6.15 Updaterc1
LinuxLinux Kernel Version6.15 Updaterc2
LinuxLinux Kernel Version6.15 Updaterc3
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.015
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/b02a3fef3e8c8fe5a0a266f7a14f38cc608fb167
Patch
https://git.kernel.org/stable/c/217fe1fc7d112595a793e02b306710e702eac492
Patch
https://git.kernel.org/stable/c/54f7f8978af19f899dec80bcc71c8d4855dfbd72
Patch
https://git.kernel.org/stable/c/52ae15c665b5fe5876655aaccc3ef70560b0e314
Patch
https://git.kernel.org/stable/c/e3c9adc69357fcbe6253a2bc2588ee4bbaaedbe9
Patch
https://git.kernel.org/stable/c/c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Third Party Advisory