CVE-2025-37838Use After Free in Linux

CWE-416Use After Free75 documents7 sources
Severity
7.8HIGHNVD
OSV8.8OSV7.1OSV5.5
EPSS
0.1%
top 82.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedApr 18
Latest updateJan 9

Description

In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip_pn_setup(), the ssip_pn_xmit() function within the ssip_pn_ops structure is capable of starting the work. If we remove the module which will call ssi_protocol_remove() to make a cleanup, it will free ssi through kfree(ssi), while the work ment

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

NVDlinux/linux_kernel6.26.6.88+4
Debianlinux/linux_kernel< 5.10.237-1+3
Ubuntulinux/linux_kernel< 5.15.0-144.157+5
CVEListV5linux/linuxdf26d639e2f4628732a8da5a0f71e4e652ce809bd03abc1c2b21324550fa71e12d53e7d3498e0af6+9

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

37
OSV
linux-azure-nvidia vulnerabilities2026-01-09
OSV
linux-azure-fips vulnerabilities2025-12-17
OSV
linux-azure-fips vulnerabilities2025-12-16
OSV
linux-azure-fips vulnerabilities2025-12-16
OSV
linux-azure, linux-azure-5.4 vulnerabilities2025-12-16

📋Vendor Advisories

37
Ubuntu
Linux kernel (Azure, N-Series) vulnerabilities2026-01-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2025-12-17
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2025-12-16
Ubuntu
Linux kernel (Azure) vulnerabilities2025-12-16
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2025-12-16
CVE-2025-37838 — Use After Free in Linux | cvebase