CVE-2025-37882 — Use After Free in Linux

CWE-416 — Use After Free CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition12 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 87.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +13 more

Timeline

PublishedMay 9

Latest updateJul 8

Description

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event, a new TD may be queued at this ring position. I can trigger this race by rising interrupt moderation to increase IRQ handling delay. Similar delay may occur naturally due to system load. If this eve…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages18 packages

▶NVDlinux/linux_kernel6.13 — 6.14.5+1

▶Debianlinux/linux_kernel< 6.12.27-1+1

▶Ubuntulinux/linux_kernel< 6.14.0-22.22

▶msrcmsrc/azl3_kernel_6.6.96.2-1_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.96.2-2_on_azure_linux_3.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-aws, linux-oracle vulnerabilities↗2025-07-08

▶

OSV

linux-azure vulnerabilities↗2025-06-26

▶

OSV

linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities↗2025-06-24

▶

GHSA

GHSA-3qx6-96c8-pv99: In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer↗2025-05-09

▶

OSV

CVE-2025-37882: In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of↗2025-05-09

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2025-07-08

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-06-26

▶

Ubuntu

Linux kernel vulnerabilities↗2025-06-24

▶

Microsoft

usb: xhci: Fix isochronous Ring Underrun/Overrun event handling↗2025-05-13

▶

Red Hat

kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF↗2025-05-09

▶

External resources

NVD MITRE

Affected products16

Debian Linuxfixed in linux 6.12.27-1 (forky)

Linux≥ 608b973b70f87e9a9bafbfdfa16aab68507aef45, < 16a7a8e6c47fea5c847beb696c8c21a7a44c1915≥ 608b973b70f87e9a9bafbfdfa16aab68507aef45, < 39a080a2925c81b0f1da0add44722ef2b78e5454≥ 608b973b70f87e9a9bafbfdfa16aab68507aef45, < 906dec15b9b321b546fd31a3c99ffc13724c7af4+1 more

Linux Kernel≥ 0, < 6.12.27-1fixed in 6.12.26≥ 6.13, < 6.14.5+1 more

Msrc Azl3 Kernel 6.6.104.2-4 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.112.1-2 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.117.1-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.119.3-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.119.3-3 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.121.1-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.126.1-1 ON Azure Linux 3.0

Disclosure

PublishedMay 9, 2025

Latest updateJul 8, 2025