CVE-2025-37995

module: ensure that kobject_put() is safe for module type kobjects

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created
using 'module_ktype'. So call to 'kobject_put()' on error handling
path causes an attempt to use an uninitialized completion pointer in
'module_kobject_release()'. In this scenario, we just want to release
kobject without an extra synchronization required for a regular module
unloading process, so adding an extra check whether 'complete()' is
actually required makes 'kobject_put()' safe.

In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path causes an attempt to use an uninitialized completion pointer in 'module_kobject_release()'. In this scenario, we just want to release kobject without an extra synchronization required for a regular module unloading process, so adding an extra check whether 'complete()' is actually required makes 'kobject_put()' safe.

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rogue device and possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-05-29 CVE Published
2025-06-04 CVE Updated
2025-06-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/942e443127e928a5631c3d5102aca8c8b3c2dd98	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/93799fb988757cdacf19acba57807746c00378e6	2025-06-04
https://git.kernel.org/stable/c/a63d99873547d8b39eb2f6db79dd235761e7098a	2025-06-04
https://git.kernel.org/stable/c/f1c71b4bd721a4ea21da408806964b10468623f2	2025-05-18
https://git.kernel.org/stable/c/9e7b49ce4f9d0cb5b6e87db9e07a2fb9e754b0dd	2025-05-18
https://git.kernel.org/stable/c/faa9059631d3491d699c69ecf512de9e1a3d6649	2025-05-18
https://git.kernel.org/stable/c/d63851049f412cdfadaeef7a7eaef5031d11c1e9	2025-05-18
https://git.kernel.org/stable/c/31d8df3f303c3ae9115230820977ef8c35c88808	2025-05-18
https://git.kernel.org/stable/c/a6aeb739974ec73e5217c75a7c008a688d3d5cf1	2025-05-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 5.4.294 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.4.294"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 5.10.238 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.10.238"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 5.15.183 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 5.15.183"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 6.1.139 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.1.139"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 6.6.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.6.91"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 6.12.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.12.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 6.14.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.14.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.12 < 6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 6.15"		en		Affected