Description

In the Linux kernel, the following vulnerability has been resolved: tracing: fprobe events: Fix possible UAF on modules Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount") moved try_module_get() from __find_tracepoint_module_cb() to find_tracepoint() caller, but that introduced a possible UAF because the module can be unloaded before try_module_get(). In this case, the module object should be freed too. Thus, try_module_get() does not only fail but may access to the freed object. To avoid that, try_module_get() in __find_tracepoint_module_cb() again.

INFO

Published Date :

2025-05-09T06:41:54.022Z

Last Modified :

2025-05-26T05:22:09.545Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-37845 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-37845.

URL Resource
https://git.kernel.org/stable/c/626f01f4d26e8cf92e69c1df53036153c8e98a20 cve-icon cve-icon
https://git.kernel.org/stable/c/868df4eb784c3ccc7e4340a9ea993cbbedca167e cve-icon cve-icon
https://git.kernel.org/stable/c/a27d2de2472b1cc7d582ab405d1d5832a80481de cve-icon cve-icon
https://git.kernel.org/stable/c/dd941507a9486252d6fcf11814387666792020f3 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025050917-CVE-2025-37845-c06f@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-37845 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-37845 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact