What is the severity of CVE-2025-37813?

CVE-2025-37813 has been classified as a medium severity vulnerability in the Linux kernel.

What causes CVE-2025-37813?

CVE-2025-37813 is caused by an invalid pointer dereference in the USB xHCI driver related to Etron workarounds.

How do I fix CVE-2025-37813?

To fix CVE-2025-37813, upgrade to the patched version of the Linux kernel where this vulnerability has been resolved.

Which versions of the Linux kernel are affected by CVE-2025-37813?

CVE-2025-37813 affects multiple versions of the Linux kernel; review your installed version for vulnerabilities.

Is CVE-2025-37813 actively exploited in the wild?

As of now, there are no reported cases of CVE-2025-37813 being actively exploited in the wild.

Vulnerability/
CVE-2025-37813

8/5/2025

CVE-2025-37813: usb: xhci: Fix invalid pointer dereference in Etron workaround

First published: Thu May 08 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before prepare_transfer() and prepare_ring(), so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of times this code is called. Then enqueue + 1 is an invalid pointer. It will crash the kernel right away or load some junk which may look like a link TRB and cause the real link TRB to be replaced with a NOOP. This wouldn't end well. Use a functionally equivalent test which doesn't dereference the pointer and always gives correct result. Something has crashed my machine twice in recent days while playing with an Etron HC, and a control transfer stress test ran for confirmation has just crashed it again. The same test passes with this patch applied.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-37813?
CVE-2025-37813 has been classified as a medium severity vulnerability in the Linux kernel.
What causes CVE-2025-37813?
CVE-2025-37813 is caused by an invalid pointer dereference in the USB xHCI driver related to Etron workarounds.
How do I fix CVE-2025-37813?
To fix CVE-2025-37813, upgrade to the patched version of the Linux kernel where this vulnerability has been resolved.
Which versions of the Linux kernel are affected by CVE-2025-37813?
CVE-2025-37813 affects multiple versions of the Linux kernel; review your installed version for vulnerabilities.
Is CVE-2025-37813 actively exploited in the wild?
As of now, there are no reported cases of CVE-2025-37813 being actively exploited in the wild.

collector/mitre-cve
source/MITRE
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/source
agent/tags
agent/event
vendor/linux
canonical/linux kernel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.