logo_clicknbuy.png

CVE-2025-37813 – Etron USB XHCI Invalid Pointer Dereference Vulnerability

The following table lists the changes that have been made to the
CVE-2025-37813 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 08, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    usb: xhci: Fix invalid pointer dereference in Etron workaround

    This check is performed before prepare_transfer() and prepare_ring(), so
    enqueue can already point at the final link TRB of a segment. And indeed
    it will, some 0.4% of times this code is called.

    Then enqueue + 1 is an invalid pointer. It will crash the kernel right
    away or load some junk which may look like a link TRB and cause the real
    link TRB to be replaced with a NOOP. This wouldn’t end well.

    Use a functionally equivalent test which doesn’t dereference the pointer
    and always gives correct result.

    Something has crashed my machine twice in recent days while playing with
    an Etron HC, and a control transfer stress test ran for confirmation has
    just crashed it again. The same test passes with this patch applied.
    Added Reference https://git.kernel.org/stable/c/0624e29c595b05e7a0e6d1c368f0a05799928e30
    Added Reference https://git.kernel.org/stable/c/142273a49f2c315eabdbdf5a71c15e479b75ca91
    Added Reference https://git.kernel.org/stable/c/1ea050da5562af9b930d17cbbe9632d30f5df43a
    Added Reference https://git.kernel.org/stable/c/bce3055b08e303e28a8751f6073066f5c33a0744
Share the Post:

Related Posts