CVE-2025-37805

5.5 MEDIUM

📋 TL;DR

CVE-2025-37805 is a race condition vulnerability in the Linux kernel's virtio sound driver: uninitialized work_struct structures can trigger kernel warnings during error handling. It affects systems that use virtio sound devices on Linux kernel versions containing the vulnerable code, and it occurs when device probe fails.

💻 Affected Systems

Products:
  • Linux kernel virtio sound driver
Versions: Linux kernel versions containing the vulnerable virtio sound driver code prior to the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with virtio sound devices enabled and during device probe failure scenarios.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic or system instability if the warning escalates to a more severe error condition during the race condition.
🟠 Likely Case: Kernel warning messages in system logs and potential minor system instability during virtio sound device initialization failures.
🟢 If Mitigated: Only kernel warning messages with no functional impact on properly functioning systems.

🌐 Internet-Facing: LOW - This is a local kernel driver issue not directly exposed to network interfaces.
🏢 Internal Only: MEDIUM - Affects systems using virtio sound devices, particularly in virtualized environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires triggering specific error conditions during virtio sound device initialization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing commits: 3c7df2e27346eb40a0e86230db1ccab195c97cfe, 54c7b864fbe4423a07b443a4ada0106052942116, 5be9407b41eae20eef9140f5cfbfcbc3d01aaf45, 66046b586c0aaa9332483bcdbd76e3305d6138e9, 9908498ce929a5a052b79bb7942f9ea317312ce4

Vendor Advisory: https://git.kernel.org/stable/c/3c7df2e27346eb40a0e86230db1ccab195c97cfe

Restart Required: Yes

Instructions:

  • Update the Linux kernel to a version containing the fix commits
  • Reboot the system to load the new kernel

🔧 Temporary Workarounds

Disable virtio sound driver

Prevent loading of the vulnerable virtio sound driver module

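# Run as root: stop virtio_snd from being auto-loaded when the device is detected
echo 'blacklist virtio_snd' >> /etc/modprobe.d/blacklist-virtio-snd.conf
# Rebuild the initramfs so the blacklist also applies in early boot (Debian/Ubuntu tool)
update-initramfs -u
reboot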

🧯 If You Can't Patch

  • Avoid using virtio sound devices in virtualized environments
  • Monitor kernel logs for WARNING messages related to workqueue.c and virtio_snd

🔍 How to Verify

Check if Vulnerable:

Check kernel logs for WARNING messages containing 'workqueue.c:4182' and 'virtio_snd' during system boot or device initialization

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and no warning messages appear in logs during virtio sound device operations

📡 Detection & Monitoring

Log Indicators:

  • WARNING: CPU: <n> PID: <n> at kernel/workqueue.c:4182
  • Call trace containing virtsnd_remove, virtsnd_probe, cancel_work_sync

Network Indicators:

  • None - local kernel issue

SIEM Query:

source="kernel" AND "WARNING" AND "workqueue.c:4182" AND "virtio_snd"
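
The log indicators above span several kernel log lines, so when logs are ingested one line per event a single-line match on all terms will not fire. The following added example (not code from the kernel project or this advisory) groups each WARNING block and reports it only when its call trace contains all three listed functions. The sample log, its timestamps and offsets, and the name `other_drv_remove` are constructed for illustration; the workqueue.c line number is captured rather than fixed because it varies between kernel builds.

```python
import re
import sys

# Match on the virtsnd_* frames, not the string "virtio_snd": when the driver
# is built in, the module name does not appear anywhere in the trace.
WARN_RE = re.compile(r"WARNING: CPU: (\d+) PID: (\d+) at kernel/workqueue\.c:(\d+)")
FRAME_RE = re.compile(r"\b(cancel_work_sync|virtsnd_remove|virtsnd_probe)\+0x")
END_RE = re.compile(r"---\[ end trace")
REQUIRED = {"cancel_work_sync", "virtsnd_remove", "virtsnd_probe"}

def find_virtsnd_warnings(lines):
    """Return one dict per workqueue.c WARNING whose trace holds all REQUIRED frames."""
    hits, cur = [], None
    def close():
        if cur and REQUIRED <= cur["frames"]:
            hits.append(cur)
    for line in lines:
        m = WARN_RE.search(line)
        if m:
            close()  # previous block had no end marker (truncated log)
            cur = {"cpu": int(m[1]), "pid": int(m[2]), "wq_line": int(m[3]), "frames": set()}
        elif cur is not None:
            f = FRAME_RE.search(line)
            if f:
                cur["frames"].add(f[1])
            if END_RE.search(line):
                close()
                cur = None
    close()  # flush a block that runs to the end of the input
    return hits

# Constructed sample: first block is an unrelated workqueue warning, second is the pattern.
SAMPLE = """\
[    2.101] WARNING: CPU: 1 PID: 88 at kernel/workqueue.c:4182
[    2.103]  cancel_work_sync+0x10/0x20
[    2.104]  other_drv_remove+0x44/0x90
[    2.105] ---[ end trace 0000000000000000 ]---
[    3.501] WARNING: CPU: 3 PID: 1 at kernel/workqueue.c:4182
[    3.502] Modules linked in:
[    3.504]  cancel_work_sync+0x10/0x20
[    3.505]  virtsnd_remove+0x5e/0xb0
[    3.506]  virtsnd_probe+0x3a1/0x4c0
[    3.508] ---[ end trace 0000000000000000 ]---
""".splitlines()

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for h in find_virtsnd_warnings(source):
        print(f"virtio_snd probe-failure WARN: cpu={h['cpu']} pid={h['pid']} workqueue.c:{h['wq_line']}")
```

Kernel log output can be piped into the script on standard input; with no input it runs over the constructed sample.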
