cve/published/2025/CVE-2025-37985.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-37985: USB: wdm: close race between wdm_open and wdm_wwan_port_stop

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 USB: wdm: close race between wdm_open and wdm_wwan_port_stop

 Clearing WDM_WWAN_IN_USE must be the last action or
 we can open a chardev whose URBs are still poisoned

 The Linux kernel CVE team has assigned CVE-2025-37985 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 5.15.181 with commit b02a3fef3e8c8fe5a0a266f7a14f38cc608fb167
 	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.1.136 with commit 217fe1fc7d112595a793e02b306710e702eac492
 	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.6.89 with commit 54f7f8978af19f899dec80bcc71c8d4855dfbd72
 	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.12.26 with commit 52ae15c665b5fe5876655aaccc3ef70560b0e314
 	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.14.5 with commit e3c9adc69357fcbe6253a2bc2588ee4bbaaedbe9
 	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.15 with commit c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-37985
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/usb/class/cdc-wdm.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/b02a3fef3e8c8fe5a0a266f7a14f38cc608fb167
 	https://git.kernel.org/stable/c/217fe1fc7d112595a793e02b306710e702eac492
 	https://git.kernel.org/stable/c/54f7f8978af19f899dec80bcc71c8d4855dfbd72
 	https://git.kernel.org/stable/c/52ae15c665b5fe5876655aaccc3ef70560b0e314
 	https://git.kernel.org/stable/c/e3c9adc69357fcbe6253a2bc2588ee4bbaaedbe9
 	https://git.kernel.org/stable/c/c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-37985: USB: wdm: close race between wdm_open and wdm_wwan_port_stop

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	USB: wdm: close race between wdm_open and wdm_wwan_port_stop

	Clearing WDM_WWAN_IN_USE must be the last action or
	we can open a chardev whose URBs are still poisoned

	The Linux kernel CVE team has assigned CVE-2025-37985 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 5.15.181 with commit b02a3fef3e8c8fe5a0a266f7a14f38cc608fb167
	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.1.136 with commit 217fe1fc7d112595a793e02b306710e702eac492
	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.6.89 with commit 54f7f8978af19f899dec80bcc71c8d4855dfbd72
	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.12.26 with commit 52ae15c665b5fe5876655aaccc3ef70560b0e314
	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.14.5 with commit e3c9adc69357fcbe6253a2bc2588ee4bbaaedbe9
	Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.15 with commit c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-37985
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/usb/class/cdc-wdm.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/b02a3fef3e8c8fe5a0a266f7a14f38cc608fb167
	https://git.kernel.org/stable/c/217fe1fc7d112595a793e02b306710e702eac492
	https://git.kernel.org/stable/c/54f7f8978af19f899dec80bcc71c8d4855dfbd72
	https://git.kernel.org/stable/c/52ae15c665b5fe5876655aaccc3ef70560b0e314
	https://git.kernel.org/stable/c/e3c9adc69357fcbe6253a2bc2588ee4bbaaedbe9
	https://git.kernel.org/stable/c/c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f