CVE-2025-37796

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-37796

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37796.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-37796

Downstream

BELL-CVE-2025-37796

DEBIAN-CVE-2025-37796

DLA-4178-1

DLA-4193-1

ECHO-7a2c-c3af-e9dd

OESA-2025-2054

OESA-2025-2055

OESA-2025-2056

OESA-2025-2058

OESA-2025-2059

SUSE-SU-2025:01964-1

SUSE-SU-2025:01965-1

SUSE-SU-2025:01983-1

SUSE-SU-2025:02923-1

UBUNTU-CVE-2025-37796

USN-7594-1

USN-7594-2

USN-7594-3

USN-7654-1

USN-7654-2

USN-7654-3

USN-7654-4

USN-7654-5

USN-7655-1

USN-7686-1

USN-7711-1

USN-7712-1

USN-7712-2

Related

Published

2025-05-01T14:15:44Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: at76c50x: fix use after free access in at76_disconnect

The memory pointed to by priv is freed at the end of at76deletedevice function (using ieee80211freehw). But the code then accesses the udev field of the freed object to put the USB device. This may also lead to a memory leak of the usb device. Fix this by using udev from interface.

References

Affected packages