In the Linux kernel, the following vulnerability has been resolved:
tracing: fprobe events: Fix possible UAF on modules
Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount") moved try_module_get() from __find_tracepoint_module_cb() to the find_tracepoint() caller, but that introduced a possible use-after-free (UAF) because the module can be unloaded before try_module_get() is called. In that case the module object will have been freed as well, so try_module_get() does not merely fail but may access the freed object.
To avoid that, call try_module_get() in __find_tracepoint_module_cb() again.
[
{
"id": "CVE-2025-37845-1592a064",
"target": {
"file": "kernel/trace/trace_fprobe.c",
"function": "trace_fprobe_create_internal"
},
"digest": {
"length": 3422.0,
"function_hash": "136341844775588639362818781649187854629"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@626f01f4d26e8cf92e69c1df53036153c8e98a20",
"signature_version": "v1"
},
{
"id": "CVE-2025-37845-4d88cb9c",
"target": {
"file": "kernel/trace/trace_fprobe.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"203731496255518064060523422031036479301",
"82609783206946770084505725548448863257",
"49262200717664348687080794624996397716",
"278126244412104774995835071943840929330",
"305386037284828702081357736720458634258",
"271663861437108636268486975072161165260",
"801819558160615667217661624595768170",
"288120751577213865914563235682847894957",
"127135060129163611394283299317504265173",
"272535109065597014757550143463364381914",
"325825349224546175599767306907728328279",
"329784913459140451019737294925623642508",
"69784027403155455693716212698734020418",
"306971222681114511355059052250025435942",
"157237580257112390578881636997505384315",
"50229819977759476664031831742483683753",
"185340254943648292335425296333665665950",
"85569472590663673639856600389838560989",
"215251812181497799728605754216263013985"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@626f01f4d26e8cf92e69c1df53036153c8e98a20",
"signature_version": "v1"
},
{
"id": "CVE-2025-37845-5b72a46a",
"target": {
"file": "kernel/trace/trace_fprobe.c",
"function": "__trace_fprobe_create"
},
"digest": {
"length": 3857.0,
"function_hash": "3970616722734088254630835803585334314"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a27d2de2472b1cc7d582ab405d1d5832a80481de",
"signature_version": "v1"
},
{
"id": "CVE-2025-37845-94f81ef9",
"target": {
"file": "kernel/trace/trace_fprobe.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"203731496255518064060523422031036479301",
"82609783206946770084505725548448863257",
"49262200717664348687080794624996397716",
"278126244412104774995835071943840929330",
"305386037284828702081357736720458634258",
"271663861437108636268486975072161165260",
"801819558160615667217661624595768170",
"288120751577213865914563235682847894957",
"127135060129163611394283299317504265173",
"272535109065597014757550143463364381914",
"325825349224546175599767306907728328279",
"329784913459140451019737294925623642508",
"276518983046414035244012412244054420136",
"193540638284883255774340792766175646297",
"157237580257112390578881636997505384315",
"50229819977759476664031831742483683753",
"185340254943648292335425296333665665950",
"217938077724132664172218279318836586000",
"183499699287769691537622137783629828483"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a27d2de2472b1cc7d582ab405d1d5832a80481de",
"signature_version": "v1"
},
{
"id": "CVE-2025-37845-be978f09",
"target": {
"file": "kernel/trace/trace_fprobe.c",
"function": "__find_tracepoint_module_cb"
},
"digest": {
"length": 242.0,
"function_hash": "4709610776304829677279099752674977856"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a27d2de2472b1cc7d582ab405d1d5832a80481de",
"signature_version": "v1"
},
{
"id": "CVE-2025-37845-d724ee5c",
"target": {
"file": "kernel/trace/trace_fprobe.c",
"function": "__find_tracepoint_module_cb"
},
"digest": {
"length": 242.0,
"function_hash": "4709610776304829677279099752674977856"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@626f01f4d26e8cf92e69c1df53036153c8e98a20",
"signature_version": "v1"
}
]