CVE-2025-37787
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-37787
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37787.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37787
- Downstream
- Related
- Published
- 2025-05-01T13:07:21.593Z
- Modified
- 2025-11-27T02:33:12.875812Z
- Summary
- net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
Russell King reports that a system with mv88e6xxx dereferences a NULL pointer when unbinding this driver: https://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/
The crash seems to be in devlinkregiondestroy(), which is not NULL tolerant but is given a NULL devlink global region pointer.
At least on some chips, some devlink regions are conditionally registered since the blamed commit, see mv88e6xxxsetupdevlinkregionsglobal():
if (cond && !cond(chip)) continue;These are MV88E6XXXREGIONSTU and MV88E6XXXREGIONPVT. If the chip does not have an STU or PVT, it should crash like this.
To fix the issue, avoid unregistering those regions which are NULL, i.e. were skipped at mv88e6xxxsetupdevlinkregionsglobal() time.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2025/37xxx/CVE-2025-37787.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3665695e3572239dc233216f06b41f40cc771889
- https://git.kernel.org/stable/c/5f5e95945bb1e08be7655da6acba648274db457d
- https://git.kernel.org/stable/c/8ccdf5e24b276848eefb2755e05ff0f005a0c4a1
- https://git.kernel.org/stable/c/b3c70dfe51f10df60db2646c08cebd24bcdc5247
- https://git.kernel.org/stable/c/bbb80f004f7a90c3dcaacc982c59967457254a05
- https://git.kernel.org/stable/c/c84f6ce918a9e6f4996597cbc62536bbf2247c96
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced836021a2d0e0e4c90b895a35bd9c0342071855fbFixed8ccdf5e24b276848eefb2755e05ff0f005a0c4a1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced836021a2d0e0e4c90b895a35bd9c0342071855fbFixedb3c70dfe51f10df60db2646c08cebd24bcdc5247
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced836021a2d0e0e4c90b895a35bd9c0342071855fbFixedbbb80f004f7a90c3dcaacc982c59967457254a05
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced836021a2d0e0e4c90b895a35bd9c0342071855fbFixed3665695e3572239dc233216f06b41f40cc771889
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced836021a2d0e0e4c90b895a35bd9c0342071855fbFixed5f5e95945bb1e08be7655da6acba648274db457d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced836021a2d0e0e4c90b895a35bd9c0342071855fbFixedc84f6ce918a9e6f4996597cbc62536bbf2247c96