CVE-2025-37845

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37845
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37845.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37845
Downstream
Published
2025-05-09T06:41:54Z
Modified
2025-10-10T10:19:56.953935Z
Summary
tracing: fprobe events: Fix possible UAF on modules
Details

In the Linux kernel, the following vulnerability has been resolved:

tracing: fprobe events: Fix possible UAF on modules

Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount") moved try_module_get() from __find_tracepoint_module_cb() to find_tracepoint() caller, but that introduced a possible UAF because the module can be unloaded before try_module_get(). In this case, the module object should be freed too. Thus, try_module_get() does not only fail but may access the freed object.

To avoid that, call try_module_get() in __find_tracepoint_module_cb() again.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
71c9cf87776eaa556fc0a0a060df94200e1f521c
Fixed
868df4eb784c3ccc7e4340a9ea993cbbedca167e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9db2b8cf4ea07b579db588e0353d5680f5d1f071
Fixed
a27d2de2472b1cc7d582ab405d1d5832a80481de
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ac91052f0ae5be9e46211ba92cc31c0e3b0a933a
Fixed
626f01f4d26e8cf92e69c1df53036153c8e98a20
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ac91052f0ae5be9e46211ba92cc31c0e3b0a933a
Fixed
dd941507a9486252d6fcf11814387666792020f3

Affected versions

v6.*

v6.12.21
v6.12.22
v6.12.23
v6.13.10
v6.13.11
v6.13.9
v6.14
v6.14-rc7
v6.14.1
v6.14.2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.12.24
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.12
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.3