CVE-2025-37995

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> module: ensure that kobject_put() is safe for module type kobjects<br /> <br /> In &amp;#39;lookup_or_create_module_kobject()&amp;#39;, an internal kobject is created<br /> using &amp;#39;module_ktype&amp;#39;. So call to &amp;#39;kobject_put()&amp;#39; on error handling<br /> path causes an attempt to use an uninitialized completion pointer in<br /> &amp;#39;module_kobject_release()&amp;#39;. In this scenario, we just want to release<br /> kobject without an extra synchronization required for a regular module<br /> unloading process, so adding an extra check whether &amp;#39;complete()&amp;#39; is<br /> actually required makes &amp;#39;kobject_put()&amp;#39; safe.