CVE-2025-37874
- Source
- https://cve.org/CVERecord?id=CVE-2025-37874
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37874.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-37874
- Downstream
- Related
- Published
- 2025-05-09T06:44:02.314Z
- Modified
- 2026-03-12T21:40:19.288306Z
- Summary
- net: ngbe: fix memory leak in ngbe_probe() error path
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: ngbe: fix memory leak in ngbe_probe() error path
When ngbeswinit() is called, memory is allocated for wx->rsskey in wxinitrsskey(). However, in ngbeprobe() function, the subsequent error paths after ngbeswinit() don't free the rsskey. Fix that by freeing it in error path along with wx->mac_table.
Also change the label to which execution jumps when ngbeswinit() fails, because otherwise, it could lead to a double free for rsskey, when the mactable allocation fails in wxswinit().
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37874.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/397487338eff1891c4654ce7deaafbf72a1688b2
- https://git.kernel.org/stable/c/7c2b66a31c7a4866400f7e6fb43cb32021bfca01
- https://git.kernel.org/stable/c/8335a3feb9d0d97e5e8f76d38b6bb8573d5b4a29
- https://git.kernel.org/stable/c/88fa80021b77732bc98f73fb69d69c7cc37b9f0d
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37874.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-37874
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced02338c484ab6250b81f0266ffb40d53c3efe0f47Fixed7c2b66a31c7a4866400f7e6fb43cb32021bfca01Fixed8335a3feb9d0d97e5e8f76d38b6bb8573d5b4a29Fixed397487338eff1891c4654ce7deaafbf72a1688b2Fixed88fa80021b77732bc98f73fb69d69c7cc37b9f0d
Affected versions
v6.*
v6.1
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.15-rc1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37874.json"
vanir_signatures
[
{
"signature_version": "v1",
"target": {
"file": "drivers/net/ethernet/wangxun/ngbe/ngbe_main.c",
"function": "ngbe_probe"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c2b66a31c7a4866400f7e6fb43cb32021bfca01",
"deprecated": false,
"digest": {
"function_hash": "327458363938467061843412287779964536856",
"length": 4319.0
},
"id": "CVE-2025-37874-03f1b394",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "drivers/net/ethernet/wangxun/ngbe/ngbe_main.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c2b66a31c7a4866400f7e6fb43cb32021bfca01",
"deprecated": false,
"digest": {
"line_hashes": [
"140462974595532947957909457035472870941",
"217952028566273592417472146589702664671",
"152648932156126390242496186907779496084",
"247518921405719915328835970357793887459",
"261756865256140171570255312291769593685",
"260978059851191179511227686633959239666",
"271964488202356206232565515308368522953",
"199504412728203259434112005742388167011"
],
"threshold": 0.9
},
"id": "CVE-2025-37874-a0181a9e",
"signature_type": "Line"
}
]