CVE-2025-37813

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: xhci: Fix invalid pointer dereference in Etron workaround<br /> <br /> This check is performed before prepare_transfer() and prepare_ring(), so<br /> enqueue can already point at the final link TRB of a segment. And indeed<br /> it will, some 0.4% of times this code is called.<br /> <br /> Then enqueue + 1 is an invalid pointer. It will crash the kernel right<br /> away or load some junk which may look like a link TRB and cause the real<br /> link TRB to be replaced with a NOOP. This wouldn&amp;#39;t end well.<br /> <br /> Use a functionally equivalent test which doesn&amp;#39;t dereference the pointer<br /> and always gives correct result.<br /> <br /> Something has crashed my machine twice in recent days while playing with<br /> an Etron HC, and a control transfer stress test ran for confirmation has<br /> just crashed it again. The same test passes with this patch applied.