{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-37985", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.976Z", "datePublished": "2025-05-20T17:09:18.963Z", "dateUpdated": "2026-05-11T21:19:04.908Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:19:04.908Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: wdm: close race between wdm_open and wdm_wwan_port_stop\n\nClearing WDM_WWAN_IN_USE must be the last action or\nwe can open a chardev whose URBs are still poisoned"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/class/cdc-wdm.c"], "versions": [{"version": "cac6fb015f719104e60b1c68c15ca5b734f57b9c", "lessThan": "b02a3fef3e8c8fe5a0a266f7a14f38cc608fb167", "status": "affected", "versionType": "git"}, {"version": "cac6fb015f719104e60b1c68c15ca5b734f57b9c", "lessThan": "217fe1fc7d112595a793e02b306710e702eac492", "status": "affected", "versionType": "git"}, {"version": "cac6fb015f719104e60b1c68c15ca5b734f57b9c", "lessThan": "54f7f8978af19f899dec80bcc71c8d4855dfbd72", "status": "affected", "versionType": "git"}, {"version": "cac6fb015f719104e60b1c68c15ca5b734f57b9c", "lessThan": "52ae15c665b5fe5876655aaccc3ef70560b0e314", "status": "affected", "versionType": "git"}, {"version": "cac6fb015f719104e60b1c68c15ca5b734f57b9c", "lessThan": "e3c9adc69357fcbe6253a2bc2588ee4bbaaedbe9", "status": "affected", "versionType": "git"}, {"version": "cac6fb015f719104e60b1c68c15ca5b734f57b9c", "lessThan": "c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/class/cdc-wdm.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.181", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.136", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.89", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.26", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14.5", "lessThanOrEqual": "6.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.15.181"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1.136"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.6.89"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.12.26"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.14.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b02a3fef3e8c8fe5a0a266f7a14f38cc608fb167"}, {"url": "https://git.kernel.org/stable/c/217fe1fc7d112595a793e02b306710e702eac492"}, {"url": "https://git.kernel.org/stable/c/54f7f8978af19f899dec80bcc71c8d4855dfbd72"}, {"url": "https://git.kernel.org/stable/c/52ae15c665b5fe5876655aaccc3ef70560b0e314"}, {"url": "https://git.kernel.org/stable/c/e3c9adc69357fcbe6253a2bc2588ee4bbaaedbe9"}, {"url": "https://git.kernel.org/stable/c/c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f"}], "title": "USB: wdm: close race between wdm_open and wdm_wwan_port_stop", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:58:01.024Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "842171FF-E43E-43AA-8362-BA3CA81C9B4A", "versionEndExcluding": "5.15.181", "versionStartIncluding": "5.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "27735C1B-DDFC-4860-8952-1D01025F9D4C", "versionEndExcluding": "6.1.136", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D79CE030-3114-45E0-B52B-C77781BCB587", "versionEndExcluding": "6.6.89", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "22F52099-F422-4D19-8283-45F9F9BF4392", "versionEndExcluding": "6.12.26", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B25CA7E-4CD0-46DB-B4EF-13A3516071FB", "versionEndExcluding": "6.14.5", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "8D465631-2980-487A-8E65-40AE2B9F8ED1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "4C9D071F-B28E-46EC-AC61-22B913390211", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "13FC0DDE-E513-465E-9E81-515702D49B74", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: wdm: close race between wdm_open and wdm_wwan_port_stop\n\nClearing WDM_WWAN_IN_USE must be the last action or\nwe can open a chardev whose URBs are still poisoned"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: wdm: ejecuci\u00f3n cerrada entre wdm_open y wdm_wwan_port_stop Borrar WDM_WWAN_IN_USE debe ser la \u00faltima acci\u00f3n o podemos abrir un chardev cuyos URB todav\u00eda est\u00e9n envenenados"}], "id": "CVE-2025-37985", "lastModified": "2025-12-16T20:19:27.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-20T18:15:45.360", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/217fe1fc7d112595a793e02b306710e702eac492"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/52ae15c665b5fe5876655aaccc3ef70560b0e314"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/54f7f8978af19f899dec80bcc71c8d4855dfbd72"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b02a3fef3e8c8fe5a0a266f7a14f38cc608fb167"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e3c9adc69357fcbe6253a2bc2588ee4bbaaedbe9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: USB: wdm: close race between wdm_open and wdm_wwan_port_stop", "id": "2367617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367617"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-826", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nUSB: wdm: close race between wdm_open and wdm_wwan_port_stop\nClearing WDM_WWAN_IN_USE must be the last action or\nwe can open a chardev whose URBs are still poisoned"], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent module cdc-wdm from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2025-37985", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-37985\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-37985\nhttps://lore.kernel.org/linux-cve-announce/2025052037-CVE-2025-37985-1b43@gregkh/T"], "statement": "The bug actual only if WMC Device Management functionality being used (that is for the cell phones compliant to the CDC WMC specification). It is about possibility of incorrect access to the device (can access after release of the device). It doesn't lead to kernel crash or other possibilities of attack, so the security impact is limited.", "threat_severity": "Moderate"}

{"created": "2025-06-24T09:44:22.934422+00:00", "updated": "2025-06-24T09:44:22.934502+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}