CVE-2025-37787

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-37787
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37787.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37787
Downstream
Related
Published
2025-05-01T13:07:21.593Z
Modified
2026-05-15T11:54:16.018608343Z
Summary
net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
Details

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered

Russell King reports that a system with mv88e6xxx dereferences a NULL pointer when unbinding this driver: https://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/

The crash seems to be in devlinkregiondestroy(), which is not NULL tolerant but is given a NULL devlink global region pointer.

At least on some chips, some devlink regions are conditionally registered since the blamed commit, see mv88e6xxxsetupdevlinkregionsglobal():

    if (cond && !cond(chip))
        continue;

These are MV88E6XXXREGIONSTU and MV88E6XXXREGIONPVT. If the chip does not have an STU or PVT, it should crash like this.

To fix the issue, avoid unregistering those regions which are NULL, i.e. were skipped at mv88e6xxxsetupdevlinkregionsglobal() time.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37787.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.13.0
Fixed
5.15.181
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.135
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.88
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.25
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37787.json"