CVE-2025-37845

Source
https://cve.org/CVERecord?id=CVE-2025-37845
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37845.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37845
Published
2025-05-09T06:41:54.022Z
Modified
2026-03-12T02:15:57.433140Z
Summary
tracing: fprobe events: Fix possible UAF on modules
Details

In the Linux kernel, the following vulnerability has been resolved:

tracing: fprobe events: Fix possible UAF on modules

Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount") moved try_module_get() from __find_tracepoint_module_cb() to find_tracepoint() caller, but that introduced a possible UAF because the module can be unloaded before try_module_get(). In this case, the module object should be freed too. Thus, try_module_get() does not only fail but may access to the freed object.

To avoid that, try_module_get() in __find_tracepoint_module_cb() again.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37845.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
71c9cf87776eaa556fc0a0a060df94200e1f521c
Fixed
868df4eb784c3ccc7e4340a9ea993cbbedca167e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9db2b8cf4ea07b579db588e0353d5680f5d1f071
Fixed
a27d2de2472b1cc7d582ab405d1d5832a80481de
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ac91052f0ae5be9e46211ba92cc31c0e3b0a933a
Fixed
626f01f4d26e8cf92e69c1df53036153c8e98a20
Fixed
dd941507a9486252d6fcf11814387666792020f3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37845.json"