CVE-2025-37838

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's ssi_protocol driver allows local attackers to potentially crash the system or execute arbitrary code. This affects systems using the HSI subsystem with the vulnerable driver loaded. Attackers need local access to trigger the race condition.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but references indicate stable kernel patches.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if HSI subsystem with ssi_protocol driver is loaded and used.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution.
🟠 Likely Case: System crash or kernel panic causing denial of service.
🟢 If Mitigated: Minimal impact if driver not loaded or system properly patched.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local attackers could crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and precise timing to trigger race condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel commits referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/4a8c29beb8a02b5a0a9d77d608aa14b6f88a6b86

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Reboot system.
3. Verify driver is using patched code.

🔧 Temporary Workarounds

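Unload ssi_protocol driver (Linux)

Remove the vulnerable driver if it is not needed:

sudo rmmod ssi_protocol

Blacklist driver (Linux)

Prevent the driver from being loaded automatically at boot. A blacklist entry only suppresses alias-based autoloading; the module can still be loaded explicitly by name with modprobe.

echo 'blacklist ssi_protocol' | sudo tee /etc/modprobe.d/ssi_protocol-blacklist.conf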

🧯 If You Can't Patch

  • Restrict local access to systems using HSI subsystem
  • Monitor for kernel crashes or unusual driver behavior

🔍 How to Verify

Check if Vulnerable:

Check if ssi_protocol driver is loaded: lsmod | grep ssi_protocol

Check Version:

uname -r

Verify Fix Applied:

Check the kernel version against the patched versions in the referenced git commits, and verify that the driver loads without errors.
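
The script below is an added example, not part of the original advisory. It combines the loaded-module check with a check of the modprobe.d workaround, matching the module name exactly (so a dependency line that merely mentions ssi_protocol does not count) and treating `-` and `_` as equivalent, as modprobe does. The function names, and the `install <module> /bin/false` (or `/bin/true`) override it recognises as a stricter block than `blacklist`, are assumptions of this example.

```shell
#!/bin/sh
# Added example: exposure check for the ssi_protocol workarounds.
# File and directory paths are parameters so the logic can be run on
# constructed input as well as on the live system.

MODULE="ssi_protocol"

# module_loaded FILE
# Returns 0 if MODULE is the first field of a line in a
# /proc/modules-format file (exact match, not a substring match).
module_loaded() {
    awk -v m="$MODULE" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# load_policy DIR
# Prints how the *.conf files in a modprobe.d-style directory treat MODULE:
#   install-blocked  "install MODULE /bin/false|/bin/true" (explicit loads fail or no-op)
#   blacklisted      "blacklist MODULE" only (alias autoloading suppressed)
#   unrestricted     neither directive present
load_policy() {
    cat "$1"/*.conf 2>/dev/null | awk -v m="$MODULE" '
        { name = $2; gsub(/-/, "_", name) }      # modprobe treats - and _ alike
        $1 == "blacklist" && name == m { bl = 1 }
        $1 == "install" && name == m &&
            ($3 == "/bin/false" || $3 == "/bin/true") { inst = 1 }
        END { print (inst ? "install-blocked" : (bl ? "blacklisted" : "unrestricted")) }'
}

# assess PROC_MODULES MODPROBE_DIR
# Prints "<loaded|not-loaded> <policy>" as a one-line verdict.
assess() {
    if module_loaded "$1"; then state="loaded"; else state="not-loaded"; fi
    printf '%s %s\n' "$state" "$(load_policy "$2")"
}

# Live check only when asked for explicitly.
if [ "${1:-}" = "--live" ]; then
    assess /proc/modules /etc/modprobe.d
fi
```

A result of `loaded blacklisted` means the blacklist file is in place but the module is still resident, so it still has to be unloaded or the system rebooted.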

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Use-after-free warnings in kernel logs
  • ssi_protocol driver crash logs

Network Indicators:

  • None - local exploit only

SIEM Query:

source="kernel" AND ("panic" OR "use-after-free" OR "ssi_protocol")
