Linux Kernel up to 6.6.96/6.12.36/6.15.5/6.16-rc4 usb state issue
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.4 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in Linux Kernel up to 6.6.96/6.12.36/6.15.5/6.16-rc4. This affects an unknown part of the component usb. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2025-38376. No exploit exists. You should upgrade the affected component.
Details
A vulnerability was found in Linux Kernel up to 6.6.96/6.12.36/6.15.5/6.16-rc4. It has been rated as problematic. This issue affects some unknown functionality of the component usb. The manipulation with an unknown input leads to a state issue vulnerability. Using CWE to declare the problem leads to CWE-371. The impact remains unknown. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Shawn and John reported a hang issue during system suspend as below: - USB gadget is enabled as Ethernet - There is data transfer over USB Ethernet (scp a big file between host and device) - Device is going in/out suspend (echo mem > /sys/power/state) The root cause is the USB device controller is suspended but the USB bus is still active which caused the USB host continues to transfer data with device and the device continues to queue USB requests (in this case, a delayed TCP ACK packet trigger the issue) after controller is suspended, however the USB controller clock is already gated off. Then if udc driver access registers after that point, the system will hang. The correct way to avoid such issue is to disconnect device from host when the USB bus is not at suspend state. Then the host will receive disconnect event and stop data transfer in time. To continue make USB gadget device work after system resume, this will reconnect device automatically. To make usb wakeup work if USB bus is already at suspend state, this will keep connection for it only when USB device controller has enabled wakeup capability.
It is possible to read the advisory at git.kernel.org. The identification of this vulnerability is CVE-2025-38376 since 04/16/2025. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 12/23/2025).
The vulnerability scanner Nessus provides a plugin with the ID 251307 (Linux Distros Unpatched Vulnerability : CVE-2025-38376), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.6.97, 6.12.37, 6.15.6 or 6.16-rc5 eliminates this vulnerability. Applying the patch 937f49be49d6ee696eb5457c21ff89c135c9b5ae/c68a27bbebbdb4e0ccd45d4f0df7111a09ddac24/5fd585fedb79bac2af9976b0fa3ffa354f0cc0bb/31a6afbe86e8e9deba9ab53876ec49eafc7fd901 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (251307) and CERT Bund (WID-SEC-2025-1653). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Affected
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- IBM QRadar SIEM
- SUSE openSUSE
- RESF Rocky Linux
- Dell Avamar
- Open Source Linux Kernel
- Dell NetWorker
- Dell Secure Connect Gateway
Product
Type
Vendor
Name
Version
- 6.6.0
- 6.6.1
- 6.6.2
- 6.6.3
- 6.6.4
- 6.6.5
- 6.6.6
- 6.6.7
- 6.6.8
- 6.6.9
- 6.6.10
- 6.6.11
- 6.6.12
- 6.6.13
- 6.6.14
- 6.6.15
- 6.6.16
- 6.6.17
- 6.6.18
- 6.6.19
- 6.6.20
- 6.6.21
- 6.6.22
- 6.6.23
- 6.6.24
- 6.6.25
- 6.6.26
- 6.6.27
- 6.6.28
- 6.6.29
- 6.6.30
- 6.6.31
- 6.6.32
- 6.6.33
- 6.6.34
- 6.6.35
- 6.6.36
- 6.6.37
- 6.6.38
- 6.6.39
- 6.6.40
- 6.6.41
- 6.6.42
- 6.6.43
- 6.6.44
- 6.6.45
- 6.6.46
- 6.6.47
- 6.6.48
- 6.6.49
- 6.6.50
- 6.6.51
- 6.6.52
- 6.6.53
- 6.6.54
- 6.6.55
- 6.6.56
- 6.6.57
- 6.6.58
- 6.6.59
- 6.6.60
- 6.6.61
- 6.6.62
- 6.6.63
- 6.6.64
- 6.6.65
- 6.6.66
- 6.6.67
- 6.6.68
- 6.6.69
- 6.6.70
- 6.6.71
- 6.6.72
- 6.6.73
- 6.6.74
- 6.6.75
- 6.6.76
- 6.6.77
- 6.6.78
- 6.6.79
- 6.6.80
- 6.6.81
- 6.6.82
- 6.6.83
- 6.6.84
- 6.6.85
- 6.6.86
- 6.6.87
- 6.6.88
- 6.6.89
- 6.6.90
- 6.6.91
- 6.6.92
- 6.6.93
- 6.6.94
- 6.6.95
- 6.6.96
- 6.12.0
- 6.12.1
- 6.12.2
- 6.12.3
- 6.12.4
- 6.12.5
- 6.12.6
- 6.12.7
- 6.12.8
- 6.12.9
- 6.12.10
- 6.12.11
- 6.12.12
- 6.12.13
- 6.12.14
- 6.12.15
- 6.12.16
- 6.12.17
- 6.12.18
- 6.12.19
- 6.12.20
- 6.12.21
- 6.12.22
- 6.12.23
- 6.12.24
- 6.12.25
- 6.12.26
- 6.12.27
- 6.12.28
- 6.12.29
- 6.12.30
- 6.12.31
- 6.12.32
- 6.12.33
- 6.12.34
- 6.12.35
- 6.12.36
- 6.15.0
- 6.15.1
- 6.15.2
- 6.15.3
- 6.15.4
- 6.15.5
- 6.16-rc1
- 6.16-rc2
- 6.16-rc3
- 6.16-rc4
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.4
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: State issueCWE: CWE-371
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 251307
Nessus Name: Linux Distros Unpatched Vulnerability : CVE-2025-38376
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Kernel 6.6.97/6.12.37/6.15.6/6.16-rc5
Patch: 937f49be49d6ee696eb5457c21ff89c135c9b5ae/c68a27bbebbdb4e0ccd45d4f0df7111a09ddac24/5fd585fedb79bac2af9976b0fa3ffa354f0cc0bb/31a6afbe86e8e9deba9ab53876ec49eafc7fd901
Timeline
04/16/2025 CVE reserved07/25/2025 Advisory disclosed
07/25/2025 VulDB entry created
12/23/2025 VulDB entry last update
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2025-38376 (🔒)
GCVE (CVE): GCVE-0-2025-38376
GCVE (VulDB): GCVE-100-317627
CERT Bund: WID-SEC-2025-1653 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 07/25/2025 15:34Updated: 12/23/2025 13:01
Changes: 07/25/2025 15:34 (57), 08/19/2025 11:04 (2), 08/19/2025 20:09 (7), 09/14/2025 15:44 (1), 09/15/2025 17:16 (1), 09/28/2025 17:40 (1), 11/02/2025 07:12 (1), 11/17/2025 00:38 (1), 11/20/2025 01:54 (11), 12/23/2025 13:01 (1)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.