CVE-2025-37838

Updated: 2025-11-28 02:31:13.564651

Description:

In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip_pn_setup(), the ssip_pn_xmit() function within the ssip_pn_ops structure is capable of starting the work. If we remove the module which will call ssi_protocol_remove() to make a cleanup, it will free ssi through kfree(ssi), while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | ssip_xmit_work ssi_protocol_remove | kfree(ssi); | | struct hsi_client *cl = ssi->cl; | // use ssi Fix it by ensuring that the work is canceled before proceeding with the cleanup in ssi_protocol_remove().


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x 0.0

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 0.0 Needs Triage 2025-11-28 06:27:58
CentOS 6 ELS kernel 2.6.32 0.0 Needs Triage 2025-11-28 06:27:53
CentOS 7 ELS kernel 3.10.0 0.0 Needs Triage 2025-11-28 06:28:00
CentOS 8.4 ELS kernel 4.18.0 0.0 Needs Triage 2025-11-28 06:27:55
CentOS 8.5 ELS kernel 4.18.0 0.0 Needs Triage 2025-11-28 06:27:54
CentOS Stream 8 ELS kernel 4.18.0 0.0 Needs Triage 2025-11-28 06:28:02
CloudLinux 7 ELS kernel 3.10.0 0.0 Ignored 2025-12-27 04:59:12 CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo...
Oracle Linux 6 ELS kernel 2.6.32 0.0 Needs Triage 2025-11-28 06:28:01
Oracle Linux 7 ELS kernel 3.10.0 0.0 Needs Triage 2025-11-28 06:28:04
Oracle Linux 7 ELS kernel-uek 5.4.17 0.0 Released CLSA-2025:1757963029 2025-09-16 11:20:41
Total: 16