Main Vulnerability Database SB2025052192

SB2025052192 - Input validation error in Linux kernel usb typec driver

Published: May 21, 2025 Updated: May 26, 2025

Security Bulletin ID SB2025052192

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2025-37986)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the typec_unregister_partner() function in drivers/usb/typec/class.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/40966fc9939e85677fdb489dfddfa205baaad03b
https://git.kernel.org/stable/c/66e1a887273c6b89f09bc11a40d0a71d5a081a8e
https://git.kernel.org/stable/c/74911338f47c13d1b9470fc50718182bffad42e2
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.5