Main Vulnerability Database SB2025052134

SB2025052134 - Improper locking in Linux kernel typec ucsi driver

Published: May 21, 2025

Security Bulletin ID SB2025052134

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2025-37967)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ucsi_set_drvdata() function in drivers/usb/typec/ucsi/ucsi.c, within the ucsi_displayport_enter(), ucsi_displayport_exit() and ucsi_displayport_vdm() functions in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/364618c89d4c57c85e5fc51a2446cd939bf57802
https://git.kernel.org/stable/c/61fc1a8e1e10cc784cab5829930838aaf1d37af5