CVE-2025-37845

Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount") moved trymoduleget() from _findtracepointmodulecb() to findtracepoint() caller, but that introduced a possible UAF because the module can be unloaded before trymoduleget(). In this case, the module object should be freed too. Thus, trymodule_get() does not only fail but may access to the freed object.

To avoid that, trymoduleget() in _findtracepointmodulecb() again.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37845.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

71c9cf87776eaa556fc0a0a060df94200e1f521c

Fixed

868df4eb784c3ccc7e4340a9ea993cbbedca167e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9db2b8cf4ea07b579db588e0353d5680f5d1f071

Fixed

a27d2de2472b1cc7d582ab405d1d5832a80481de

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ac91052f0ae5be9e46211ba92cc31c0e3b0a933a

Fixed

626f01f4d26e8cf92e69c1df53036153c8e98a20

Fixed

dd941507a9486252d6fcf11814387666792020f3

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.24

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.13.12

Type: ECOSYSTEM
Events: Introduced

6.14.0

Fixed

6.14.3