
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-37813 is a vulnerability in the Linux kernel's xHCI (USB 3.x host controller) driver, specifically in the workaround the driver applies for Etron host controllers. It was disclosed on May 8, 2025, and affects several Linux distributions, including Ubuntu's newer releases (24.04 LTS noble, 24.10 oracular, and 25.04 plucky) and Red Hat Enterprise Linux 9 (NVD, Red Hat).
The vulnerability is an invalid pointer dereference in the Etron workaround. The workaround needs to know whether the TRB (Transfer Request Block) after the ring's enqueue pointer is the segment's link TRB, and it answered that question by reading the TRB at enqueue + 1. That check runs before prepare_transfer() and prepare_ring(), and prepare_ring() is what advances the enqueue pointer past a link TRB, so at the time of the check the enqueue pointer can still be sitting on the final link TRB of a segment. In the reporter's stress test this happened about 0.4% of the time. In that state enqueue + 1 points past the end of the segment's TRB array, and dereferencing it is an out-of-bounds read: either the kernel crashes immediately, or it loads unrelated data that may itself look like a link TRB, in which case the workaround overwrites the segment's real link TRB with a No-Op TRB and the ring is corrupted (Red Hat). The vulnerability has a CVSS v3.1 base score of 7.0 with vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H: high severity, but exploitation requires local access and is rated high complexity (Red Hat).
The practical impact is a system crash or memory corruption of the transfer ring. Because the corruption affects kernel memory, the CVSS vector rates the confidentiality and integrity impact as high rather than treating this as a pure denial of service, which is why potential privilege escalation is listed as an outcome (NVD). No public exploit beyond the crash is described in the sources.
The fix replaces the dereferencing check with a functionally equivalent test that decides from the enqueue pointer's position within its segment, never reads the TRB at enqueue + 1, and always gives the correct result; the patch author confirmed it eliminates the crashes under stress testing. Because the affected code is the Etron-specific workaround, only hosts whose xHCI controller is handled by the driver's Etron quirk execute it, which is worth checking before prioritising a reboot. Distribution status differs: Red Hat Enterprise Linux 9 has deferred the fix, while older versions (RHEL 8 and below) are either not affected or out of support scope. Ubuntu marks 24.04 LTS noble, 24.10 oracular, and 25.04 plucky as vulnerable, while older Ubuntu releases are not affected (Ubuntu, Red Hat).
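To make the failure mode concrete, the following is an added example written for this page, not the kernel's own code or the patch. It is a reduced model of one xHCI ring segment: the struct layouts, the helper names (ring_model, next_is_link_buggy, next_is_link_fixed, apply_workaround) and the eight-TRB segment size are simplifying assumptions. It keeps one extra TRB slot after the segment so that the out-of-range read the advisory describes is observable rather than undefined, and then shows how the dereferencing check corrupts the real link TRB when the enqueue pointer is parked on it, while a pointer-comparison check of the kind the fix uses does not.

```c
/* Added example, not the kernel's code: a reduced model of an xHCI
 * transfer-ring segment illustrating CVE-2025-37813. All struct, field and
 * function names here are simplified stand-ins (assumptions), not the
 * kernel's identifiers. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TRBS_PER_SEGMENT 8     /* real xHCI segments hold 256 TRBs; reduced here */
#define TRB_TYPE_NORMAL  1     /* TRB Type field values from the xHCI spec */
#define TRB_TYPE_LINK    6
#define TRB_TYPE_NOOP    8

struct trb {
    uint64_t buffer;
    uint32_t status;
    uint32_t control;          /* bits 15:10 carry the TRB type */
};

/* A segment's TRB array plus one extra slot standing in for whatever memory
 * happens to follow the segment. Keeping both in one array makes the
 * out-of-range read well defined in this model so it can be observed; in the
 * kernel that read is simply out of bounds. */
struct ring_model {
    struct trb storage[TRBS_PER_SEGMENT + 1];
    struct trb *trbs;          /* the segment proper (== storage) */
    struct trb *enqueue;       /* slot the next TRB would be written to */
};

static uint32_t trb_type(const struct trb *t) { return (t->control >> 10) & 0x3f; }
static bool trb_is_link(const struct trb *t) { return trb_type(t) == TRB_TYPE_LINK; }
static void set_type(struct trb *t, uint32_t type) {
    t->control = (t->control & ~(0x3fu << 10)) | (type << 10);
}

/* Build a segment whose last slot is the Link TRB, with enqueue at `pos`.
 * `neighbor_type` is what the memory just past the segment happens to hold. */
static void ring_init(struct ring_model *r, size_t pos, uint32_t neighbor_type) {
    memset(r, 0, sizeof(*r));
    r->trbs = r->storage;
    for (size_t i = 0; i < TRBS_PER_SEGMENT - 1; i++)
        set_type(&r->trbs[i], TRB_TYPE_NORMAL);
    set_type(&r->trbs[TRBS_PER_SEGMENT - 1], TRB_TYPE_LINK);
    set_type(&r->storage[TRBS_PER_SEGMENT], neighbor_type);  /* "garbage" past the end */
    r->enqueue = &r->trbs[pos];
}

/* Vulnerable form: decides "is the slot after enqueue a Link TRB?" by reading
 * that slot. If enqueue already sits on the Link TRB, enqueue + 1 lies past
 * the segment and the answer comes from unrelated memory. */
static bool next_is_link_buggy(const struct ring_model *r) {
    return trb_is_link(r->enqueue + 1);
}

/* Fixed form: the slot after enqueue is the Link TRB exactly when enqueue is
 * the second-to-last slot of its segment. Pure pointer comparison, no read. */
static bool next_is_link_fixed(const struct ring_model *r) {
    return r->enqueue + 1 == &r->trbs[TRBS_PER_SEGMENT - 1];
}

/* Model of the workaround's reaction as the advisory describes it: when it
 * believes the next slot is a Link TRB it writes a No-Op into the current
 * slot. Returns true if the segment's real Link TRB survived. */
static bool apply_workaround(struct ring_model *r,
                             bool (*next_is_link)(const struct ring_model *)) {
    if (next_is_link(r))
        set_type(r->enqueue, TRB_TYPE_NOOP);
    return trb_type(&r->trbs[TRBS_PER_SEGMENT - 1]) == TRB_TYPE_LINK;
}

/* Answer of one check with enqueue at `pos` (1 = "next is link", 0 = not). */
int next_is_link_at(size_t pos, uint32_t neighbor_type, bool use_fixed) {
    struct ring_model r;
    ring_init(&r, pos, neighbor_type);
    return use_fixed ? next_is_link_fixed(&r) : next_is_link_buggy(&r);
}

/* The bad case: enqueue parked on the Link TRB, and the memory past the
 * segment happening to look like another Link TRB. Returns 0 when the fixed
 * check preserves the ring and the buggy check corrupts it. */
int demo_link_trb_corruption(void) {
    struct ring_model buggy, fixed;
    ring_init(&buggy, TRBS_PER_SEGMENT - 1, TRB_TYPE_LINK);
    ring_init(&fixed, TRBS_PER_SEGMENT - 1, TRB_TYPE_LINK);
    bool buggy_ok = apply_workaround(&buggy, next_is_link_buggy);
    bool fixed_ok = apply_workaround(&fixed, next_is_link_fixed);
    return (!buggy_ok && fixed_ok) ? 0 : 1;
}
```

Both checks agree whenever enqueue + 1 is inside the segment; they diverge only when enqueue is on the link TRB itself, which is exactly the state prepare_ring() would have cleared had it run first. The model's extra slot is a stand-in for neighbouring kernel memory; the real read is out of bounds and can also fault outright, which is the immediate-crash case the advisory mentions.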
Source: This report was generated using AI