DEBIAN-CVE-2025-37845

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-37845

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-37845.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-37845

Upstream

CVE-2025-37845

Published

2025-05-09T07:16:05Z

Modified

2025-09-25T04:37:26.627928Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: tracing: fprobe events: Fix possible UAF on modules Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount") moved trymoduleget() from _findtracepointmodulecb() to findtracepoint() caller, but that introduced a possible UAF because the module can be unloaded before trymoduleget(). In this case, the module object should be freed too. Thus, trymoduleget() does not only fail but may access to the freed object. To avoid that, trymoduleget() in _findtracepointmodule_cb() again.

References

https://security-tracker.debian.org/tracker/CVE-2025-37845

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}