Vulnerability Database

309,469

Total vulnerabilities in the database

CVE-2025-37845

In the Linux kernel, the following vulnerability has been resolved:

tracing: fprobe events: Fix possible UAF on modules

Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount") moved try_module_get() from __find_tracepoint_module_cb() to find_tracepoint() caller, but that introduced a possible UAF because the module can be unloaded before try_module_get(). In this case, the module object should be freed too. Thus, try_module_get() does not only fail but may access to the freed object.

To avoid that, try_module_get() in __find_tracepoint_module_cb() again.

Published: May 9, 2025
Updated: Nov 18, 2025
CVE: CVE-2025-37845
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.12.21	6.12.24
linux / linux_kernel	6.13.9	6.13.12
linux / linux_kernel	6.14.1	6.14.3
linux / linux_kernel	6.14	6.14.x
linux / linux_kernel	6.15-rc1	6.15-rc1.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo