CVE-2025-37746 — Incorrect Type Conversion or Cast in Linux
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 74.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 1
Latest updateJul 8
Description
In the Linux kernel, the following vulnerability has been resolved:
perf/dwc_pcie: fix duplicate pci_dev devices
During platform_device_register, wrongly using struct device
pci_dev as platform_data caused a kmemdup copy of pci_dev. Worse
still, accessing the duplicated device leads to list corruption as its
mutex content (e.g., list, magic) remains the same as the original.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linuxaf9597adc2f1e3609c67c9792a2469bb64e43ae9 — a71c6fc87b2b9905dc2e38887fe4122287216be9+2
Patches
🔴Vulnerability Details
5OSV▶
CVE-2025-37746: In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate pci_dev devices During platform_device_register, wron↗2025-05-01
GHSA▶
GHSA-rg5g-h6w9-p8cj: In the Linux kernel, the following vulnerability has been resolved:
perf/dwc_pcie: fix duplicate pci_dev devices
During platform_device_register, wr↗2025-05-01
📋Vendor Advisories
5Debian▶
CVE-2025-37746: linux - In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pc...↗2025