{"uuid": "7edfa7ef-4243-4383-ab90-b19690f4af72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37813", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15495", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37813\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix invalid pointer dereference in Etron workaround\n\nThis check is performed before prepare_transfer() and prepare_ring(), so\nenqueue can already point at the final link TRB of a segment. And indeed\nit will, some 0.4% of times this code is called.\n\nThen enqueue + 1 is an invalid pointer. It will crash the kernel right\naway or load some junk which may look like a link TRB and cause the real\nlink TRB to be replaced with a NOOP. This wouldn't end well.\n\nUse a functionally equivalent test which doesn't dereference the pointer\nand always gives correct result.\n\nSomething has crashed my machine twice in recent days while playing with\nan Etron HC, and a control transfer stress test ran for confirmation has\njust crashed it again. The same test passes with this patch applied.\n\ud83d\udccf Published: 2025-05-08T06:26:10.000Z\n\ud83d\udccf Modified: 2025-05-08T06:26:10.000Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/142273a49f2c315eabdbdf5a71c15e479b75ca91\n2. https://git.kernel.org/stable/c/bce3055b08e303e28a8751f6073066f5c33a0744\n3. https://git.kernel.org/stable/c/0624e29c595b05e7a0e6d1c368f0a05799928e30\n4. https://git.kernel.org/stable/c/1ea050da5562af9b930d17cbbe9632d30f5df43a", "creation_timestamp": "2025-05-08T07:23:23.000000Z"}