{
  "threat_severity" : "Moderate",
  "public_date" : "2025-07-03T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering",
    "id" : "2376078",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2376078"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nPCI/pwrctrl: Cancel outstanding rescan work when unregistering\nIt's possible to trigger use-after-free here by:\n(a) forcing rescan_work_func() to take a long time and\n(b) utilizing a pwrctrl driver that may be unloaded for some reason\nCancel outstanding work to ensure it is finished before we allow our data\nstructures to be cleaned up.\n[bhelgaas: tidy commit log]" ],
  "statement" : "Fixes a use-after-free vulnerability in the PCI/pwrctrl subsystem. If rescan_work_func() is still executing when the pwrctrl structure is freed (e.g., upon driver removal), the system may crash or exhibit undefined behavior. The vulnerability can potentially be triggered by a local attacker with limited privileges by forcing long-running rescan work and unloading the related driver concurrently. This bug not introduced yet in any version of the Red Hat Enterprise Linux, so not affected for all versions (apart from latest Red Hat Enterprise Linux 10 where going to check this additionally).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-08-11T00:00:00Z",
    "advisory" : "RHSA-2025:13598",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "kernel-0:6.12.0-55.27.1.el10_0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38137\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38137\nhttps://lore.kernel.org/linux-cve-announce/2025070332-CVE-2025-38137-d4bf@gregkh/T" ],
  "name" : "CVE-2025-38137",
  "csaw" : false
}