CVE-2025-37985

Опубликовано: 20 мая 2025

Источник: redhat

CVSS3: 4.7

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned

Отчет

The bug actual only if WMC Device Management functionality being used (that is for the cell phones compliant to the CDC WMC specification). It is about possibility of incorrect access to the device (can access after release of the device). It doesn't lead to kernel crash or other possibilities of attack, so the security impact is limited.

Меры по смягчению последствий

To mitigate this issue, prevent module cdc-wdm from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Fix deferred
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-826

https://bugzilla.redhat.com/show_bug.cgi?id=2367617kernel: USB: wdm: close race between wdm_open and wdm_wwan_port_stop

EPSS

Процентиль: 8%

0.00035

Низкий

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2025-37985

ubuntu

2 месяца назад

CVE-2025-37985

nvd

2 месяца назад

CVE-2025-37985

msrc

9 дней назад

Описание отсутствует

CVE-2025-37985

debian

2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: U ...

GHSA-74hf-26w7-48xj

github

2 месяца назад

EPSS

Процентиль: 8%

0.00035

Низкий

4.7 Medium

CVSS3