U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-37995 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path causes an attempt to use an uninitialized completion pointer in 'module_kobject_release()'. In this scenario, we just want to release kobject without an extra synchronization required for a regular module unloading process, so adding an extra check whether 'complete()' is actually required makes 'kobject_put()' safe.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/31d8df3f303c3ae9115230820977ef8c35c88808 kernel.org Patch 
https://git.kernel.org/stable/c/93799fb988757cdacf19acba57807746c00378e6 kernel.org Patch 
https://git.kernel.org/stable/c/9e7b49ce4f9d0cb5b6e87db9e07a2fb9e754b0dd kernel.org Patch 
https://git.kernel.org/stable/c/a63d99873547d8b39eb2f6db79dd235761e7098a kernel.org Patch 
https://git.kernel.org/stable/c/a6aeb739974ec73e5217c75a7c008a688d3d5cf1 kernel.org Patch 
https://git.kernel.org/stable/c/d63851049f412cdfadaeef7a7eaef5031d11c1e9 kernel.org Patch 
https://git.kernel.org/stable/c/f1c71b4bd721a4ea21da408806964b10468623f2 kernel.org Patch 
https://git.kernel.org/stable/c/faa9059631d3491d699c69ecf512de9e1a3d6649 kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html CVE Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html CVE Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-824 Access of Uninitialized Pointer cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-37995
NVD Published Date:
05/29/2025
NVD Last Modified:
12/16/2025
Source:
kernel.org