CVE-2025-37860

MEDIUM

Linux Kernel 6.0-6.14.1 - NULL Pointer Dereference in ef100_process_design_param

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; consequently, we cannot netif_set_tso_max_size() or _segs() at this point. Move those netif calls to ef100_probe_netdev(), and also replace netif_err within the design params code with pci_err.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/f21623b8446735b5e2ac5f8ee69b8743177d7b19

Patch

https://git.kernel.org/stable/c/e56391011381d6d029da377a65ac314cb3d5def2

Patch

https://git.kernel.org/stable/c/8241ecec1cdc6699ae197d52d58e76bddd995fa5

Scores

CVSS v3 5.5

EPSS 0.0022

EPSS Percentile 11.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (11)

linux/Kernel 6.0.0 - 6.12.57linux

linux/Kernel 6.13.0 - 6.14.2linux

Linux/Linux < 6.0

Linux/Linux 6.0

Linux/Linux 6.12.57 - 6.12.*

Linux/Linux 6.14.2 - 6.14.*

Linux/Linux 6.15

Linux/Linux 98ff4c7c8ac7f5339aac6114105395fea19f992e - 8241ecec1cdc6699ae197d52d58e76bddd995fa5

Linux/Linux 98ff4c7c8ac7f5339aac6114105395fea19f992e - e56391011381d6d029da377a65ac314cb3d5def2

Linux/Linux 98ff4c7c8ac7f5339aac6114105395fea19f992e - f21623b8446735b5e2ac5f8ee69b8743177d7b19

... and 1 more

Published Apr 18, 2025

Tracked Since Feb 18, 2026