CVE-2025-37787

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37787
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37787.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-37787
Downstream
Related
Published
2025-05-01T14:15:43Z
Modified
2025-08-09T19:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered

Russell King reports that a system with mv88e6xxx dereferences a NULL pointer when unbinding this driver: https://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/

The crash seems to be in devlinkregiondestroy(), which is not NULL tolerant but is given a NULL devlink global region pointer.

At least on some chips, some devlink regions are conditionally registered since the blamed commit, see mv88e6xxxsetupdevlinkregionsglobal():

    if (cond && !cond(chip))
        continue;

These are MV88E6XXXREGIONSTU and MV88E6XXXREGIONPVT. If the chip does not have an STU or PVT, it should crash like this.

To fix the issue, avoid unregistering those regions which are NULL, i.e. were skipped at mv88e6xxxsetupdevlinkregionsglobal() time.

References

Affected packages