CVE-2025-37787

MEDIUM

Linux Kernel 5.13-6.14.3 - NULL Pointer Dereference in DSA mv88e6xxx Devlink

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Russell King reports that a system with mv88e6xxx dereferences a NULL pointer when unbinding this driver: https://lore.kernel.org/netdev/[email protected]/ The crash seems to be in devlink_region_destroy(), which is not NULL tolerant but is given a NULL devlink global region pointer. At least on some chips, some devlink regions are conditionally registered since the blamed commit, see mv88e6xxx_setup_devlink_regions_global(): if (cond && !cond(chip)) continue; These are MV88E6XXX_REGION_STU and MV88E6XXX_REGION_PVT. If the chip does not have an STU or PVT, it should crash like this. To fix the issue, avoid unregistering those regions which are NULL, i.e. were skipped at mv88e6xxx_setup_devlink_regions_global() time.

References (7)

Core 7

Scores

CVSS v3 5.5
EPSS 0.0015
EPSS Percentile 4.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (21)
linux/Kernel 5.13.0 - 5.15.181linux
linux/Kernel 5.16.0 - 6.1.135linux
linux/Kernel 6.13.0 - 6.14.4linux
linux/Kernel 6.2.0 - 6.6.88linux
linux/Kernel 6.7.0 - 6.12.25linux
Linux/Linux < 5.13
Linux/Linux 5.13
Linux/Linux 5.15.181 - 5.15.*
Linux/Linux 6.1.135 - 6.1.*
Linux/Linux 6.12.25 - 6.12.*
... and 11 more
Published May 01, 2025
Tracked Since Feb 18, 2026