Description

In the Linux kernel, the following vulnerability has been resolved:

usb: chipidea: ci_hdrc_imx: fix usbmisc handling

usbmisc is an optional device property so it is totally valid for the
corresponding data->usbmisc_data to have a NULL value.

Check that before dereferencing the pointer.

Found by Linux Verification Center (linuxtesting.org) with Svace static
analysis tool.

Classification

CVE ID: CVE-2025-37811

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.6% (scored less or equal to compared to others)

EPSS Date: 2025-06-06 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37811
https://git.kernel.org/stable/c/8060b719676e8c0e5a2222c2977ba0458d9d9535
https://git.kernel.org/stable/c/0ee460498ced49196149197c9f6d29a10e5e0798
https://git.kernel.org/stable/c/121e9f80ea5478bca3a8f3f26593fd66f87da649
https://git.kernel.org/stable/c/887902ca73490f38c69fd6149ef361a041cf912f
https://git.kernel.org/stable/c/2aa87bd825377f5073b76701780a902cd0fc725a
https://git.kernel.org/stable/c/4e28f79e3dffa52d327b46d1a78dac16efb5810b

Timeline