CVE-2025-37813
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-37813
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37813.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37813
- Downstream
- Related
- Published
- 2025-05-08T06:26:10Z
- Modified
- 2025-11-28T02:35:43.670905Z
- Summary
- usb: xhci: Fix invalid pointer dereference in Etron workaround
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Fix invalid pointer dereference in Etron workaround
This check is performed before preparetransfer() and preparering(), so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of times this code is called.
Then enqueue + 1 is an invalid pointer. It will crash the kernel right away or load some junk which may look like a link TRB and cause the real link TRB to be replaced with a NOOP. This wouldn't end well.
Use a functionally equivalent test which doesn't dereference the pointer and always gives correct result.
Something has crashed my machine twice in recent days while playing with an Etron HC, and a control transfer stress test ran for confirmation has just crashed it again. The same test passes with this patch applied.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37813.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0624e29c595b05e7a0e6d1c368f0a05799928e30
- https://git.kernel.org/stable/c/142273a49f2c315eabdbdf5a71c15e479b75ca91
- https://git.kernel.org/stable/c/1ea050da5562af9b930d17cbbe9632d30f5df43a
- https://git.kernel.org/stable/c/bce3055b08e303e28a8751f6073066f5c33a0744
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37813.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-37813
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfbc0a0c7718a6cb1dc5e0811a4f88a2b1deedfa1Fixed142273a49f2c315eabdbdf5a71c15e479b75ca91
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9258c9ed32294ce3a4b58c9d92fc49ba030d35c9Fixedbce3055b08e303e28a8751f6073066f5c33a0744
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5e1c67abc9301d05130b7e267c204e7005503b33Fixed0624e29c595b05e7a0e6d1c368f0a05799928e30Fixed1ea050da5562af9b930d17cbbe9632d30f5df43a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected4725344ca645a98a9d8e45e25b01a2244de5b8aa