CVE-2025-37916

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37916
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37916.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37916
Downstream
Related
Published
2025-05-20T15:21:47Z
Modified
2025-10-18T01:19:01.942202Z
Summary
pds_core: remove write-after-free of client_id
Details

In the Linux kernel, the following vulnerability has been resolved:

pdscore: remove write-after-free of clientid

A use-after-free error popped up in stress testing:

[Mon Apr 21 21:21:33 2025] BUG: KFENCE: use-after-free write in pdscauxbusdevdel+0xef/0x160 [pdscore] [Mon Apr 21 21:21:33 2025] Use-after-free write at 0x000000007013ecd1 (in kfence-#47): [Mon Apr 21 21:21:33 2025] pdscauxbusdevdel+0xef/0x160 [pdscore] [Mon Apr 21 21:21:33 2025] pdscremove+0xc0/0x1b0 [pdscore] [Mon Apr 21 21:21:33 2025] pcideviceremove+0x24/0x70 [Mon Apr 21 21:21:33 2025] devicereleasedriverinternal+0x11f/0x180 [Mon Apr 21 21:21:33 2025] driverdetach+0x45/0x80 [Mon Apr 21 21:21:33 2025] busremovedriver+0x83/0xe0 [Mon Apr 21 21:21:33 2025] pciunregisterdriver+0x1a/0x80

The actual device uninit usually happens on a separate thread scheduled after this code runs, but there is no guarantee of order of thread execution, so this could be a problem. There's no actual need to clear the client_id at this point, so simply remove the offending code.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
10659034c622738bc1bfab8a76fc576c52d5acce
Fixed
9b467c5bcdb45a41d2a49fbb9ffca73d1380e99b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
10659034c622738bc1bfab8a76fc576c52d5acce
Fixed
c649b9653ed09196e91d3f4b16b679041b3c42e6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
10659034c622738bc1bfab8a76fc576c52d5acce
Fixed
26dc701021302f11c8350108321d11763bd81dfe
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
10659034c622738bc1bfab8a76fc576c52d5acce
Fixed
dfd76010f8e821b66116dec3c7d90dd2403d1396

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.14.4
v6.14.5
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.3
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "16767964117432699913483191567535668915",
            "length": 346.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c649b9653ed09196e91d3f4b16b679041b3c42e6",
        "target": {
            "function": "pdsc_auxbus_dev_del",
            "file": "drivers/net/ethernet/amd/pds_core/auxbus.c"
        },
        "id": "CVE-2025-37916-218d67a2"
    },
    {
        "digest": {
            "line_hashes": [
                "279436672548021981464696388263483253775",
                "288830527034011432445161926533907799129",
                "284622315038020566539647029075750555237",
                "160887226729125156663902399265345517350"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c649b9653ed09196e91d3f4b16b679041b3c42e6",
        "target": {
            "file": "drivers/net/ethernet/amd/pds_core/auxbus.c"
        },
        "id": "CVE-2025-37916-3175a2c8"
    },
    {
        "digest": {
            "function_hash": "16767964117432699913483191567535668915",
            "length": 346.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dfd76010f8e821b66116dec3c7d90dd2403d1396",
        "target": {
            "function": "pdsc_auxbus_dev_del",
            "file": "drivers/net/ethernet/amd/pds_core/auxbus.c"
        },
        "id": "CVE-2025-37916-4ef1524e"
    },
    {
        "digest": {
            "line_hashes": [
                "279436672548021981464696388263483253775",
                "288830527034011432445161926533907799129",
                "284622315038020566539647029075750555237",
                "160887226729125156663902399265345517350"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dfd76010f8e821b66116dec3c7d90dd2403d1396",
        "target": {
            "file": "drivers/net/ethernet/amd/pds_core/auxbus.c"
        },
        "id": "CVE-2025-37916-6a800094"
    },
    {
        "digest": {
            "function_hash": "16767964117432699913483191567535668915",
            "length": 346.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b467c5bcdb45a41d2a49fbb9ffca73d1380e99b",
        "target": {
            "function": "pdsc_auxbus_dev_del",
            "file": "drivers/net/ethernet/amd/pds_core/auxbus.c"
        },
        "id": "CVE-2025-37916-df07755f"
    },
    {
        "digest": {
            "function_hash": "16767964117432699913483191567535668915",
            "length": 346.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@26dc701021302f11c8350108321d11763bd81dfe",
        "target": {
            "function": "pdsc_auxbus_dev_del",
            "file": "drivers/net/ethernet/amd/pds_core/auxbus.c"
        },
        "id": "CVE-2025-37916-e1ddd594"
    },
    {
        "digest": {
            "line_hashes": [
                "279436672548021981464696388263483253775",
                "288830527034011432445161926533907799129",
                "284622315038020566539647029075750555237",
                "160887226729125156663902399265345517350"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@26dc701021302f11c8350108321d11763bd81dfe",
        "target": {
            "file": "drivers/net/ethernet/amd/pds_core/auxbus.c"
        },
        "id": "CVE-2025-37916-ee539916"
    },
    {
        "digest": {
            "line_hashes": [
                "279436672548021981464696388263483253775",
                "288830527034011432445161926533907799129",
                "284622315038020566539647029075750555237",
                "160887226729125156663902399265345517350"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b467c5bcdb45a41d2a49fbb9ffca73d1380e99b",
        "target": {
            "file": "drivers/net/ethernet/amd/pds_core/auxbus.c"
        },
        "id": "CVE-2025-37916-f9c247c3"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.90
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.28
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.6