CVE-2025-37861Use After Free in Linux

CWE-416Use After FreeCWE-825Expired Pointer Dereference42 documents7 sources
Severity
7.8HIGHNVD
OSV3.2
EPSS
0.1%
top 79.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
16
LinuxLinux KernelDebian Linux+13 more
Timeline
PublishedMay 9
Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID (0xFFFF), set by the reset thread, which points to unallocated memory, causing a crash. Add flag 'io_admin_reset_sync' to synchronize access between the reset, I/O, and admin threads. Before a reset, the reset

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages18 packages

NVDlinux/linux_kernel5.146.12.24+2
Debianlinux/linux_kernel< 6.12.25-1+1
Ubuntulinux/linux_kernel< 6.8.0-100.100+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

21
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-04
OSV
linux-azure vulnerabilities2026-03-04
OSV
linux-ibm, linux-ibm-6.8 vulnerabilities2026-02-24
OSV
linux-xilinx vulnerabilities2026-02-24

📋Vendor Advisories

20
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Xilinx) vulnerabilities2026-02-24
Ubuntu
Linux kernel (IBM) vulnerabilities2026-02-24