CVE-2025-37935

If the mtkpollrx() function detects the MTKRESETTING flag, it will jump to releasedesc and refill the high word of the SDP on the 4GB RFB. Subsequently, mtkrxclean will process an incorrect SDP, leading to a panic.

Add patch from MediaTek's SDK to resolve this.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2d75891ebc09ba9cf30697dfd54497ef0220308f

Fixed

cb625f783f70dc6614f03612b8e64ad99cb0a13c

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2d75891ebc09ba9cf30697dfd54497ef0220308f

Fixed

317013d1ad13524be02d60b9e98f08fbd13f8c14

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2d75891ebc09ba9cf30697dfd54497ef0220308f

Fixed

67619cf69dec5d1d7792808dfa548616742dd51d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2d75891ebc09ba9cf30697dfd54497ef0220308f

Fixed

6e0490fc36cdac696f96e57b61d93b9ae32e0f4c

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.3

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.14.1

v6.14.2

v6.14.3

v6.14.4

v6.14.5

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.5

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.55

v6.6.56

v6.6.57

v6.6.58

v6.6.59

v6.6.6

v6.6.60

v6.6.61

v6.6.62

v6.6.63

v6.6.64

v6.6.65

v6.6.66

v6.6.67

v6.6.68

v6.6.69

v6.6.7

v6.6.70

v6.6.71

v6.6.72

v6.6.73

v6.6.74

v6.6.75

v6.6.76

v6.6.77

v6.6.78

v6.6.79

v6.6.8

v6.6.80

v6.6.81

v6.6.82

v6.6.83

v6.6.84

v6.6.85

v6.6.86

v6.6.87

v6.6.88

v6.6.89

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6e0490fc36cdac696f96e57b61d93b9ae32e0f4c",
        "id": "CVE-2025-37935-0ca002c3",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "mtk_poll_rx",
            "file": "drivers/net/ethernet/mediatek/mtk_eth_soc.c"
        },
        "digest": {
            "length": 4884.0,
            "function_hash": "18147033941955547210638957162167319939"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb625f783f70dc6614f03612b8e64ad99cb0a13c",
        "id": "CVE-2025-37935-162481e4",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "mtk_poll_rx",
            "file": "drivers/net/ethernet/mediatek/mtk_eth_soc.c"
        },
        "digest": {
            "length": 4757.0,
            "function_hash": "290326286890341652403096123688054459254"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb625f783f70dc6614f03612b8e64ad99cb0a13c",
        "id": "CVE-2025-37935-2ddbe46f",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/ethernet/mediatek/mtk_eth_soc.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "183929682835872857327563942571901599191",
                "293500895813431837037845763056346197974",
                "20670895419560271799149892195681644601",
                "197991089947081300696331178384291154411",
                "128754064612940454956673947734520497250",
                "66600852174621728089608405256465287890",
                "175450865312131412395948144380039192173",
                "94363416130493686446966176720964588577",
                "98216581836360107933308990136712252383",
                "127099413377586042244211548574334796619",
                "101145617446118391277009333412260380737"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@67619cf69dec5d1d7792808dfa548616742dd51d",
        "id": "CVE-2025-37935-81f83308",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "mtk_poll_rx",
            "file": "drivers/net/ethernet/mediatek/mtk_eth_soc.c"
        },
        "digest": {
            "length": 4807.0,
            "function_hash": "137291400386641213735536129643281993596"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6e0490fc36cdac696f96e57b61d93b9ae32e0f4c",
        "id": "CVE-2025-37935-913a2ae0",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/ethernet/mediatek/mtk_eth_soc.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "183929682835872857327563942571901599191",
                "293500895813431837037845763056346197974",
                "20670895419560271799149892195681644601",
                "197991089947081300696331178384291154411",
                "128754064612940454956673947734520497250",
                "66600852174621728089608405256465287890",
                "175450865312131412395948144380039192173",
                "94363416130493686446966176720964588577",
                "98216581836360107933308990136712252383",
                "127099413377586042244211548574334796619",
                "101145617446118391277009333412260380737"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@317013d1ad13524be02d60b9e98f08fbd13f8c14",
        "id": "CVE-2025-37935-a6f010ba",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/ethernet/mediatek/mtk_eth_soc.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "183929682835872857327563942571901599191",
                "293500895813431837037845763056346197974",
                "20670895419560271799149892195681644601",
                "197991089947081300696331178384291154411",
                "128754064612940454956673947734520497250",
                "66600852174621728089608405256465287890",
                "175450865312131412395948144380039192173",
                "94363416130493686446966176720964588577",
                "98216581836360107933308990136712252383",
                "127099413377586042244211548574334796619",
                "101145617446118391277009333412260380737"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@67619cf69dec5d1d7792808dfa548616742dd51d",
        "id": "CVE-2025-37935-d658fbe0",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/ethernet/mediatek/mtk_eth_soc.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "183929682835872857327563942571901599191",
                "293500895813431837037845763056346197974",
                "20670895419560271799149892195681644601",
                "197991089947081300696331178384291154411",
                "128754064612940454956673947734520497250",
                "66600852174621728089608405256465287890",
                "175450865312131412395948144380039192173",
                "94363416130493686446966176720964588577",
                "98216581836360107933308990136712252383",
                "127099413377586042244211548574334796619",
                "101145617446118391277009333412260380737"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@317013d1ad13524be02d60b9e98f08fbd13f8c14",
        "id": "CVE-2025-37935-ecf22ff2",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "mtk_poll_rx",
            "file": "drivers/net/ethernet/mediatek/mtk_eth_soc.c"
        },
        "digest": {
            "length": 4805.0,
            "function_hash": "263265861070704851328217390041939283034"
        },
        "signature_type": "Function"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.6.90

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.28

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.14.6