CVE-2025-37836 Affecting kernel-tools-libs package, versions *


Severity

Recommended
0.0
medium
0
10

Based on Red Hat Enterprise Linux security rating.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL9-KERNELTOOLSLIBS-10085589
  • published9 May 2025
  • disclosed9 May 2025

Introduced: 9 May 2025

NewCVE-2025-37836  (opens in a new tab)

How to fix?

There is no fixed version for RHEL:9 kernel-tools-libs.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-tools-libs package and not the kernel-tools-libs package as distributed by RHEL. See How to fix? for RHEL:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix reference leak in pci_register_host_bridge()

If device_register() fails, call put_device() to give up the reference to avoid a memory leak, per the comment at device_register().

Found by code review.

[bhelgaas: squash Dan Carpenter's double free fix from https://lore.kernel.org/r/db806a6c-a91b-4e5a-a84b-6b7e01bdac85@stanley.mountain]

CVSS Base Scores

version 3.1