Vulnerability Database

309,469

Total vulnerabilities in the database

CVE-2025-37812

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3: Fix deadlock when using NCM gadget

The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845 ("usb: cdnsp: Fix deadlock issue during using NCM gadget").

Under PREEMPT_RT the deadlock can be readily triggered by heavy network traffic, for example using "iperf --bidir" over NCM ethernet link.

The deadlock occurs because the threaded interrupt handler gets preempted by a softirq, but both are protected by the same spinlock. Prevent deadlock by disabling softirq during threaded irq handler.

  • Published: May 8, 2025
  • Updated: Nov 13, 2025
  • CVE: CVE-2025-37812
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 5.4 5.4.293
linux / linux_kernel 5.5 5.10.237
linux / linux_kernel 5.11 5.15.181
linux / linux_kernel 5.16 6.1.136
linux / linux_kernel 6.2 6.6.89
linux / linux_kernel 6.7 6.12.26
linux / linux_kernel 6.13 6.14.5
linux / linux_kernel 6.15-rc1 6.15-rc1.x
linux / linux_kernel 6.15-rc2 6.15-rc2.x
linux / linux_kernel 6.15-rc3 6.15-rc3.x
debian / debian_linux 11.0 11.0.x