CVE-2025-37813
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Fix invalid pointer dereference in Etron workaround
This check is performed before prepare_transfer() and prepare_ring(), so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of times this code is called.
Then enqueue + 1 is an invalid pointer. It will crash the kernel right away or load some junk which may look like a link TRB and cause the real link TRB to be replaced with a NOOP. This wouldn't end well.
Use a functionally equivalent test which doesn't dereference the pointer and always gives correct result.
Something has crashed my machine twice in recent days while playing with an Etron HC, and a control transfer stress test ran for confirmation has just crashed it again. The same test passes with this patch applied.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 6.6.66 | 6.6.89 |
| linux / linux_kernel | 6.11.11 | 6.12 |
| linux / linux_kernel | 6.12.2 | 6.12.26 |
| linux / linux_kernel | 6.13 | 6.14.5 |
| linux / linux_kernel | 6.15-rc1 | 6.15-rc1.x |
| linux / linux_kernel | 6.15-rc2 | 6.15-rc2.x |
| linux / linux_kernel | 6.15-rc3 | 6.15-rc3.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime