CVE-2025-37886

EUVD-2025-14104

09.05.2025, 07:16

In the Linux kernel, the following vulnerability has been resolved:

pds_core: make wait_context part of q_info

Make the wait_context a full part of the q_info struct rather
than a stack variable that goes away after pdsc_adminq_post()
is done so that the context is still available after the wait
loop has given up.

There was a case where a slow development firmware caused
the adminq request to time out, but then later the FW finally
finished the request and sent the interrupt.  The handler tried
to complete_all() the completion context that had been created
on the stack in pdsc_adminq_post() but no longer existed.
This caused bad pointer usage, kernel crashes, and much wailing
and gnashing of teeth.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	6.4 ≤ 𝑥 < 6.6.89
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.26
linux	linux_kernel	6.13 ≤ 𝑥 < 6.14.5
linux	linux_kernel	6.15:rc1
linux	linux_kernel	6.15:rc2
linux	linux_kernel	6.15:rc3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.174-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.257-1 fixed
forky	7.0.10-1 fixed
sid	7.0.10-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.90-2 fixed

openSUSE / SLES Releases

openSUSE Product

Release

kernel-64kb

suse enterprise desktop 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.3.1 fixed

kernel-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.40.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.3.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.40.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.3.1 fixed

kernel-default

suse enterprise desktop 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.3.1 fixed

kernel-default-base

suse enterprise desktop 15 SP6	6.4.0-150600.23.53.1.150600.12.24.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.3.1.150700.17.2.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.53.1.150600.12.24.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.3.1.150700.17.2.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.53.1.150600.12.24.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.3.1.150700.17.2.1 fixed

kernel-docs

suse enterprise desktop 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.3.1 fixed

kernel-macros

suse enterprise desktop 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.3.1 fixed

kernel-obs-build

suse enterprise desktop 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.3.1 fixed

kernel-source

suse enterprise desktop 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.3.1 fixed

kernel-source-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.40.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.3.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.40.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.3.1 fixed

kernel-syms

suse enterprise desktop 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.3.1 fixed

kernel-syms-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.40.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.3.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.40.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.3.1 fixed

kernel-zfcpdump

suse enterprise desktop 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.3.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.53.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.3.1 fixed

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://git.kernel.org/stable/c/1d7c4b2b0bbfb09b55b2dc0e2355d7936bf89381

https://git.kernel.org/stable/c/3f77c3dfffc7063428b100c4945ca2a7a8680380

https://git.kernel.org/stable/c/520f012fe75fb8efc9f16a57ef929a7a2115d892

https://git.kernel.org/stable/c/66d7702b42ffdf0dce4808626088268a4e905ca6