CVE-2025-37916
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
pds_core: remove write-after-free of client_id
A use-after-free error popped up in stress testing:
[Mon Apr 21 21:21:33 2025] BUG: KFENCE: use-after-free write in pdsc_auxbus_dev_del+0xef/0x160 [pds_core] [Mon Apr 21 21:21:33 2025] Use-after-free write at 0x000000007013ecd1 (in kfence-#47): [Mon Apr 21 21:21:33 2025] pdsc_auxbus_dev_del+0xef/0x160 [pds_core] [Mon Apr 21 21:21:33 2025] pdsc_remove+0xc0/0x1b0 [pds_core] [Mon Apr 21 21:21:33 2025] pci_device_remove+0x24/0x70 [Mon Apr 21 21:21:33 2025] device_release_driver_internal+0x11f/0x180 [Mon Apr 21 21:21:33 2025] driver_detach+0x45/0x80 [Mon Apr 21 21:21:33 2025] bus_remove_driver+0x83/0xe0 [Mon Apr 21 21:21:33 2025] pci_unregister_driver+0x1a/0x80
The actual device uninit usually happens on a separate thread scheduled after this code runs, but there is no guarantee of order of thread execution, so this could be a problem. There's no actual need to clear the client_id at this point, so simply remove the offending code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 10659034c622738bc1bfab8a76fc576c52d5acce < 9b467c5bcdb45a41d2a49fbb9ffca73d1380e99b | affected |
| Linux | Linux | 10659034c622738bc1bfab8a76fc576c52d5acce < c649b9653ed09196e91d3f4b16b679041b3c42e6 | affected |
| Linux | Linux | 10659034c622738bc1bfab8a76fc576c52d5acce < 26dc701021302f11c8350108321d11763bd81dfe | affected |
| Linux | Linux | 10659034c622738bc1bfab8a76fc576c52d5acce < dfd76010f8e821b66116dec3c7d90dd2403d1396 | affected |
| Linux | Linux | 6.4 | affected |
| Linux | Linux | 0 < 6.4 | unaffected |
| Linux | Linux | 6.6.90 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.28 <= 6.12.* | unaffected |
| Linux | Linux | 6.14.6 <= 6.14.* | unaffected |
| Linux | Linux | 6.15 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/9b467c5bcdb45a41d2a49fbb9ffca73d1380e99b
- https://git.kernel.org/stable/c/c649b9653ed09196e91d3f4b16b679041b3c42e6
- https://git.kernel.org/stable/c/26dc701021302f11c8350108321d11763bd81dfe
- https://git.kernel.org/stable/c/dfd76010f8e821b66116dec3c7d90dd2403d1396
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.