CVE-2025-37872

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37872
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37872.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-37872
Downstream
Published
2025-05-09T07:16:08Z
Modified
2025-05-12T17:32:32Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net: txgbe: fix memory leak in txgbe_probe() error path

When txgbeswinit() is called, memory is allocated for wx->rsskey in wxinitrsskey(). However, in txgbeprobe() function, the subsequent error paths after txgbeswinit() don't free the rsskey. Fix that by freeing it in error path along with wx->mac_table.

Also change the label to which execution jumps when txgbeswinit() fails, because otherwise, it could lead to a double free for rsskey, when the mactable allocation fails in wxswinit().

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.25-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}