{"id":"CVE-2025-37916","summary":"pds_core: remove write-after-free of client_id","details":"In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: remove write-after-free of client_id\n\nA use-after-free error popped up in stress testing:\n\n[Mon Apr 21 21:21:33 2025] BUG: KFENCE: use-after-free write in pdsc_auxbus_dev_del+0xef/0x160 [pds_core]\n[Mon Apr 21 21:21:33 2025] Use-after-free write at 0x000000007013ecd1 (in kfence-#47):\n[Mon Apr 21 21:21:33 2025]  pdsc_auxbus_dev_del+0xef/0x160 [pds_core]\n[Mon Apr 21 21:21:33 2025]  pdsc_remove+0xc0/0x1b0 [pds_core]\n[Mon Apr 21 21:21:33 2025]  pci_device_remove+0x24/0x70\n[Mon Apr 21 21:21:33 2025]  device_release_driver_internal+0x11f/0x180\n[Mon Apr 21 21:21:33 2025]  driver_detach+0x45/0x80\n[Mon Apr 21 21:21:33 2025]  bus_remove_driver+0x83/0xe0\n[Mon Apr 21 21:21:33 2025]  pci_unregister_driver+0x1a/0x80\n\nThe actual device uninit usually happens on a separate thread\nscheduled after this code runs, but there is no guarantee of order\nof thread execution, so this could be a problem.  There's no\nactual need to clear the client_id at this point, so simply\nremove the offending code.","modified":"2026-04-16T00:01:22.202987367Z","published":"2025-05-20T15:21:47.088Z","related":["SUSE-SU-2025:4393-1","SUSE-SU-2025:4422-1","SUSE-SU-2025:4505-1","SUSE-SU-2025:4516-1","SUSE-SU-2025:4517-1","SUSE-SU-2025:4521-1","SUSE-SU-2026:20012-1","SUSE-SU-2026:20015-1","SUSE-SU-2026:20021-1","SUSE-SU-2026:20039-1","SUSE-SU-2026:20059-1","SUSE-SU-2026:20473-1","SUSE-SU-2026:20496-1","openSUSE-SU-2025:20172-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37916.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/26dc701021302f11c8350108321d11763bd81dfe"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9b467c5bcdb45a41d2a49fbb9ffca73d1380e99b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c649b9653ed09196e91d3f4b16b679041b3c42e6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dfd76010f8e821b66116dec3c7d90dd2403d1396"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37916.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37916"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"10659034c622738bc1bfab8a76fc576c52d5acce"},{"fixed":"9b467c5bcdb45a41d2a49fbb9ffca73d1380e99b"},{"fixed":"c649b9653ed09196e91d3f4b16b679041b3c42e6"},{"fixed":"26dc701021302f11c8350108321d11763bd81dfe"},{"fixed":"dfd76010f8e821b66116dec3c7d90dd2403d1396"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37916.json"}}],"schema_version":"1.7.5"}