Name | CVE-2025-37787 |
Description | In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Russell King reports that a system with mv88e6xxx dereferences a NULL pointer when unbinding this driver: https://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/ The crash seems to be in devlink_region_destroy(), which is not NULL tolerant but is given a NULL devlink global region pointer. At least on some chips, some devlink regions are conditionally registered since the blamed commit, see mv88e6xxx_setup_devlink_regions_global(): if (cond && !cond(chip)) continue; These are MV88E6XXX_REGION_STU and MV88E6XXX_REGION_PVT. If the chip does not have an STU or PVT, it should crash like this. To fix the issue, avoid unregistering those regions which are NULL, i.e. were skipped at mv88e6xxx_setup_devlink_regions_global() time. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-4193-1 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
linux (PTS) | bullseye | 5.10.223-1 | fixed |
bullseye (security) | 5.10.237-1 | fixed | |
bookworm | 6.1.137-1 | fixed | |
bookworm (security) | 6.1.140-1 | fixed | |
trixie | 6.12.27-1 | fixed | |
sid | 6.12.30-1 | fixed | |
linux-6.1 (PTS) | bullseye (security) | 6.1.137-1~deb11u1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
linux | source | bullseye | (not affected) | |||
linux | source | bookworm | 6.1.135-1 | |||
linux | source | (unstable) | 6.12.25-1 | |||
linux-6.1 | source | bullseye | 6.1.137-1~deb11u1 | DLA-4193-1 |
[bullseye] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/c84f6ce918a9e6f4996597cbc62536bbf2247c96 (6.15-rc3)