CVE-2025-37809
- Source
- https://cve.org/CVERecord?id=CVE-2025-37809
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37809.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-37809
- Downstream
- Related
- Published
- 2025-05-08T06:26:07.510Z
- Modified
- 2026-03-23T05:02:36.377252149Z
- Summary
- usb: typec: class: Fix NULL pointer access
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: class: Fix NULL pointer access
Concurrent calls to typecpartnerunlink_device can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers and prevent this issue. The same mutex protects both the device pointers and the partner device registration.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37809.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1fdde62411fe65640e69bc55ea027d5b7b2f0093
- https://git.kernel.org/stable/c/de7c24febd21413ea8f49f61b36338b676c02852
- https://git.kernel.org/stable/c/ec27386de23a511008c53aa2f3434ad180a3ca9a
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37809.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-37809
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced59de2a56d127890cc610f3896d5fc31887c54ac2Fixedde7c24febd21413ea8f49f61b36338b676c02852Fixed1fdde62411fe65640e69bc55ea027d5b7b2f0093Fixedec27386de23a511008c53aa2f3434ad180a3ca9a
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.14.4
v6.15-rc1
v6.6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"digest": {
"length": 466.0,
"function_hash": "145405134334846215143557592888471846407"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-37809-1fcf1ef7",
"target": {
"function": "typec_partner_attach",
"file": "drivers/usb/typec/class.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fdde62411fe65640e69bc55ea027d5b7b2f0093"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"84512415375988040636057279364753705742",
"281153131160488678947508033646390296273",
"162567788084422871756530885232882412008",
"130069412265510568954229846380440002081",
"5584313785184368144908078505989459710",
"164645482354733747063595006856645052439",
"206746218816437891412487871766275053240",
"43877328422805389725571323072439823283",
"106667312214740783438548761770500635129",
"236676623766951582628515954261730785840",
"308567433242623273038772411910193738864",
"24395618761587867450549495162665969219",
"4387213721057950922227614944769159868",
"317835074559487744997669057230351526968",
"332106781395996512729978751803327681439",
"94071254440505219066959164343893028974",
"129462336838060744018992227798990134885",
"227382345794496964953769831974946278487",
"100539873907666036025061024378369186186",
"333688455018150102906167506558262969620",
"244774603690675704075665251624997063084",
"281088946070752733964106517817312379246",
"310443066108632169877267323246872866072",
"314672106675656306964423676173168276845",
"224942617657599374596965233642402341179",
"329251371710323457300773349102303430043",
"220795885541130220735950648631285121475",
"5615793527303658214619644734471566373",
"159448482639288105365849805126502239618",
"204945250502546886230536061438793021683",
"199679968911017329876766239773669935349",
"103540506112530382313985568828229136175",
"264835634316895714990537419214852235329",
"48171835265733280057388161951815591317",
"218119019540020678628216052976607546133",
"324373401911856856564000682851955713242",
"85091018543608013570347661719556944320",
"1142228866752296339624406242956336403",
"24884282091996257880314975162858451785",
"4518643085777771388533848788103508989",
"55729345307142320873356075408903604036",
"154223944687107515430056266946180641222"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2025-37809-5945a832",
"target": {
"file": "drivers/usb/typec/class.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fdde62411fe65640e69bc55ea027d5b7b2f0093"
},
{
"signature_version": "v1",
"digest": {
"length": 368.0,
"function_hash": "33421272719367983668306274048611033731"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-37809-93b2e5a3",
"target": {
"function": "typec_partner_deattach",
"file": "drivers/usb/typec/class.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fdde62411fe65640e69bc55ea027d5b7b2f0093"
},
{
"digest": {
"length": 1393.0,
"function_hash": "136070493589957794656581227535704142723"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-37809-b42a86be",
"target": {
"function": "typec_register_partner",
"file": "drivers/usb/typec/class.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fdde62411fe65640e69bc55ea027d5b7b2f0093"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"316069702049828582260378404593995381575",
"249243637867001457656112229308727889671",
"25347029192592396407036794034426976481",
"304922130975973107143403762568567151349"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2025-37809-c09b6c5a",
"target": {
"file": "drivers/usb/typec/class.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fdde62411fe65640e69bc55ea027d5b7b2f0093"
},
{
"signature_version": "v1",
"digest": {
"length": 282.0,
"function_hash": "3291510714344065438508346179531376046"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-37809-e1623b81",
"target": {
"function": "typec_unregister_partner",
"file": "drivers/usb/typec/class.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fdde62411fe65640e69bc55ea027d5b7b2f0093"
},
{
"signature_version": "v1",
"digest": {
"length": 2957.0,
"function_hash": "207787035829936229853214594534305611330"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-37809-e34573af",
"target": {
"function": "typec_register_port",
"file": "drivers/usb/typec/class.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fdde62411fe65640e69bc55ea027d5b7b2f0093"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37809.json"