CVE-2025-37812
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: cdns3: Fix deadlock when using NCM gadget
The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845 ("usb: cdnsp: Fix deadlock issue during using NCM gadget").
Under PREEMPT_RT the deadlock can be readily triggered by heavy network traffic, for example using "iperf –bidir" over NCM ethernet link.
The deadlock occurs because the threaded interrupt handler gets preempted by a softirq, but both are protected by the same spinlock. Prevent deadlock by disabling softirq during threaded irq handler.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7733f6c32e36ff9d7adadf40001039bf219b1cbe < eebfb64c624fc738b669100173344fb441c5e719 | affected |
| Linux | Linux | 7733f6c32e36ff9d7adadf40001039bf219b1cbe < 59a760e4796a3cd88d8b9d7706e0a638de677751 | affected |
| Linux | Linux | 7733f6c32e36ff9d7adadf40001039bf219b1cbe < b96239582531775f2fdcb14de29bdb6870fd4c8c | affected |
| Linux | Linux | 7733f6c32e36ff9d7adadf40001039bf219b1cbe < c27db84ed44e50ff90d9e3a2a25fae2e0a0fa015 | affected |
| Linux | Linux | 7733f6c32e36ff9d7adadf40001039bf219b1cbe < 48a62deb857f0694f611949015e70ad194d97159 | affected |
| Linux | Linux | 7733f6c32e36ff9d7adadf40001039bf219b1cbe < 74cd6e408a4c010e404832f0e4609d29bf1d0c41 | affected |
| Linux | Linux | 7733f6c32e36ff9d7adadf40001039bf219b1cbe < 09e90a9689a4aac7a2f726dc2aa472b0b37937b7 | affected |
| Linux | Linux | 7733f6c32e36ff9d7adadf40001039bf219b1cbe < a1059896f2bfdcebcdc7153c3be2307ea319501f | affected |
| Linux | Linux | 5.4 | affected |
| Linux | Linux | 0 < 5.4 | unaffected |
| Linux | Linux | 5.4.293 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.237 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.181 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.136 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.89 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.26 <= 6.12.* | unaffected |
| Linux | Linux | 6.14.5 <= 6.14.* | unaffected |
| Linux | Linux | 6.15 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
References
- https://git.kernel.org/stable/c/eebfb64c624fc738b669100173344fb441c5e719
- https://git.kernel.org/stable/c/59a760e4796a3cd88d8b9d7706e0a638de677751
- https://git.kernel.org/stable/c/b96239582531775f2fdcb14de29bdb6870fd4c8c
- https://git.kernel.org/stable/c/c27db84ed44e50ff90d9e3a2a25fae2e0a0fa015
- https://git.kernel.org/stable/c/48a62deb857f0694f611949015e70ad194d97159
- https://git.kernel.org/stable/c/74cd6e408a4c010e404832f0e4609d29bf1d0c41
- https://git.kernel.org/stable/c/09e90a9689a4aac7a2f726dc2aa472b0b37937b7
- https://git.kernel.org/stable/c/a1059896f2bfdcebcdc7153c3be2307ea319501f
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.