CVE-2025-37986: usb: typec: class: Invalidate USB device pointers on partner unregistration

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: class: Invalidate USB device pointers on partner unregistration

To avoid using invalid USB device pointers after a Type-C partner
disconnects, this patch clears the pointers upon partner unregistration.
This ensures a clean state for future connections.

Classification

CVE ID: CVE-2025-37986

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.26% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-18 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37986
https://git.kernel.org/stable/c/40966fc9939e85677fdb489dfddfa205baaad03b
https://git.kernel.org/stable/c/74911338f47c13d1b9470fc50718182bffad42e2
https://git.kernel.org/stable/c/66e1a887273c6b89f09bc11a40d0a71d5a081a8e
