CVE-2025-37845

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's fprobe tracing subsystem. An attacker could exploit this to cause kernel crashes or potentially execute arbitrary code with kernel privileges. All Linux systems using affected kernel versions with fprobe tracing enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE description; check kernel commit history for exact ranges
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when fprobe tracing functionality is enabled and being used. Most default configurations may not have this enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.

🟠

Likely Case

Kernel panic causing system instability or denial of service, requiring system reboot.

🟢

If Mitigated

Minimal impact if fprobe tracing is disabled or systems are properly patched.

🌐 Internet-Facing: LOW - Requires local access or ability to load kernel modules.
🏢 Internal Only: MEDIUM - Local attackers or malicious insiders could exploit this to escalate privileges or cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access and ability to interact with kernel tracing subsystem. Timing window for UAF makes exploitation challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check specific kernel versions containing commits: 626f01f4d26e8cf92e69c1df53036153c8e98a20, 868df4eb784c3ccc7e4340a9ea993cbbedca167e, a27d2de2472b1cc7d582ab405d1d5832a80481de, dd941507a9486252d6fcf11814387666792020f3

Vendor Advisory: https://git.kernel.org/stable/c/626f01f4d26e8cf92e69c1df53036153c8e98a20

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable fprobe tracing

linux

Disable the vulnerable fprobe tracing functionality to prevent exploitation

echo 0 > /sys/kernel/debug/tracing/events/fprobes/enable

🧯 If You Can't Patch

  • Disable fprobe tracing functionality completely
  • Implement strict access controls to prevent unauthorized users from loading kernel modules or accessing tracing interfaces

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if fprobe tracing is enabled: cat /sys/kernel/debug/tracing/events/fprobes/enable

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version contains the fix commits and fprobe tracing functions properly without crashes
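
The version and fprobe checks above combined into one script, as an added example that is not part of the original advisory. The function names, the `--run` switch and the optional tracing-root argument are assumptions of this example; the `enable` path and `uname -r` come from this page.

```shell
#!/bin/sh
# Added example: report the state of the fprobes event group named on this page.
# The tracing root is a parameter (assumption of this example) so the same check
# works on hosts where tracefs is mounted somewhere other than the debugfs path.

fprobe_state() {
    root="${1:-/sys/kernel/debug/tracing}"
    f="$root/events/fprobes/enable"
    if [ ! -e "$f" ]; then
        echo "absent"            # no such control file under this root
        return 0
    fi
    if ! val=$(cat "$f" 2>/dev/null); then
        echo "unreadable"        # typically: not running as root
        return 0
    fi
    case "$val" in
        0) echo "disabled" ;;
        1) echo "enabled" ;;
        X) echo "mixed" ;;       # some events in the group on, some off
        *) echo "unknown" ;;     # any other content, reported rather than guessed
    esac
}

fprobe_report() {
    state=$(fprobe_state "${1:-}")
    echo "kernel=$(uname -r) fprobes=$state"
    # Non-zero status lets a scheduled job flag hosts where fprobe events
    # are still active and the kernel version needs checking against the fix.
    case "$state" in
        enabled|mixed) return 1 ;;
        *) return 0 ;;
    esac
}

# Run the report only when asked, e.g.:  sh check_fprobe.sh --run
if [ "${1:-}" = "--run" ]; then
    fprobe_report "${2:-}"
fi
```

A result of `absent` or `unreadable` says nothing about the kernel version, so the `uname -r` value still has to be compared with your distribution's fixed release.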

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Oops (kernel crash) logs
  • System crash/reboot events

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for kernel panic or Oops messages in system logs
