CVE-2025-37838: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2025-37838) was discovered in the Linux kernel's ssiprotocol driver. The vulnerability was disclosed on April 18, 2025, affecting multiple versions of the Linux kernel up to version 6.1.135. The issue occurs in the ssiprotocol_probe() function due to a race condition between work queue execution and module cleanup (NVD).

The vulnerability stems from a race condition in the ssiprotocol driver where &ssi->work is bound with ssipxmitwork(). In ssippnsetup(), the ssippnxmit() function within the ssippnops structure can start the work. When the module is removed, ssiprotocol_remove() is called for cleanup, which frees the ssi structure through kfree(ssi) while the work is still in use. The vulnerability has been assigned a CVSS 3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, Red Hat).

The vulnerability could lead to privilege escalation, denial of service, or information leaks in affected Linux kernel versions. The use-after-free condition could potentially allow an attacker to execute arbitrary code with elevated privileges (Debian Security).

The vulnerability has been fixed in Linux kernel version 6.1.135-1. The fix ensures that the work is canceled before proceeding with the cleanup in ssiprotocolremove(). Users are recommended to upgrade their kernel to the patched version (Debian Security).