Medium severity5.5NVD Advisory· Published May 1, 2025· Updated Jun 17, 2026
CVE-2025-37746
CVE-2025-37746
Description
In the Linux kernel, the following vulnerability has been resolved:
perf/dwc_pcie: fix duplicate pci_dev devices
During platform_device_register, wrongly using struct device pci_dev as platform_data caused a kmemdup copy of pci_dev. Worse still, accessing the duplicated device leads to list corruption as its mutex content (e.g., list, magic) remains the same as the original.
Affected products
8- osv-coords6 versionspkg:apk/chainguard/linux-aws-6.12pkg:apk/chainguard/linux-azure-6.12pkg:apk/chainguard/linux-gcp-6.12pkg:apk/chainguard/linux-qemu-6.12pkg:apk/chainguard/linux-vmware-6.12pkg:linux/kernel
< 6.12.80-r0+ 5 more
- (no CPE)range: < 6.12.80-r0
- (no CPE)range: < 6.12.80-r0
- (no CPE)range: < 6.12.80-r0
- (no CPE)range: < 6.12.80-r0
- (no CPE)range: < 6.12.80-r0
- (no CPE)range: >= 6.8.0, < 6.14.3
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.