CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-37985: USB: wdm: close race between wdm_open and wdm_wwan_port_stop

Description

In the Linux kernel, the following vulnerability has been resolved:

USB: wdm: close race between wdm_open and wdm_wwan_port_stop

Clearing WDM_WWAN_IN_USE must be the last action or
we can open a chardev whose URBs are still poisoned

Classification

CVE ID: CVE-2025-37985

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.59% (scored less or equal to compared to others)

EPSS Date: 2025-06-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37985
https://git.kernel.org/stable/c/b02a3fef3e8c8fe5a0a266f7a14f38cc608fb167
https://git.kernel.org/stable/c/217fe1fc7d112595a793e02b306710e702eac492
https://git.kernel.org/stable/c/54f7f8978af19f899dec80bcc71c8d4855dfbd72
https://git.kernel.org/stable/c/52ae15c665b5fe5876655aaccc3ef70560b0e314
https://git.kernel.org/stable/c/e3c9adc69357fcbe6253a2bc2588ee4bbaaedbe9
https://git.kernel.org/stable/c/c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f

Timeline

2025-05-20 18:40:18 UTC
CVE

USB: wdm: close race between wdm_open and wdm_wwan_port_stop