CVE-2025-37845 — Use After Free in Linux
Severity
7.8 HIGH (NVD)
EPSS
0.1%
top 79.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 9
Latest update: Jul 8
Description
In the Linux kernel, the following vulnerability has been resolved:
tracing: fprobe events: Fix possible UAF on modules
Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module
refcount") moved try_module_get() from __find_tracepoint_module_cb()
to find_tracepoint() caller, but that introduced a possible UAF
because the module can be unloaded before try_module_get(). In this
case, the module object should be freed too. Thus, try_module_get()
does not only fail but may access to the …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages (5 packages)
CVEListV5: linux/linux 71c9cf87776eaa556fc0a0a060df94200e1f521c — 868df4eb784c3ccc7e4340a9ea993cbbedca167e +4
Patches
Vulnerability Details (5)
OSV
CVE-2025-37845: In the Linux kernel, the following vulnerability has been resolved: tracing: fprobe events: Fix possible UAF on modules Commit ac91052f0ae5 ("tracing: ... (2025-05-09)
GHSA
GHSA-mjp6-8q33-2qx3: In the Linux kernel, the following vulnerability has been resolved:
tracing: fprobe events: Fix possible UAF on modules
Commit ac91052f0ae5 ("tracin... (2025-05-09)
Vendor Advisories (5)
Debian
CVE-2025-37845: linux - In the Linux kernel, the following vulnerability has been resolved: tracing: fp... (2025)