CVE-2025-37994

usb: typec: ucsi: displayport: Fix NULL pointer access

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the partner removal.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/9dda1e2a666a8a32ce0f153b5dee05c7351f1020
https://git.kernel.org/stable/c/a9931f1b52b2d0bf3952e003fd5901ea7eb851ed
https://git.kernel.org/stable/c/7804c4d63edfdd5105926cc291e806e8f4ce01b5
https://git.kernel.org/stable/c/076ab0631ed4928905736f1701e25f1e722bc086
https://git.kernel.org/stable/c/14f298c52188c34acde9760bf5abc669c5c36fdb
https://git.kernel.org/stable/c/5ad298d6d4aebe1229adba6427e417e89a5208d8
https://git.kernel.org/stable/c/e9b63faf5c97deb43fc39a52edbc39d626cc14bf
https://git.kernel.org/stable/c/312d79669e71283d05c05cc49a1a31e59e3d9e0e

Frequently Asked Questions

What is the severity of CVE-2025-37994?
CVE-2025-37994 has not yet been assigned a CVSS score.
How to fix CVE-2025-37994?
To fix CVE-2025-37994, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37994 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37994 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37994?
CVE-2025-37994 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.