CVE-2025-37860

Summary

In the Linux kernel, the following vulnerability has been resolved:

sfc: fix NULL dereferences in ef100_process_design_param()

Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; consequently, we cannot netif_set_tso_max_size() or _segs() at this point. Move those netif calls to ef100_probe_netdev(), and also replace netif_err within the design params code with pci_err.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux98ff4c7c8ac7f5339aac6114105395fea19f992e < f21623b8446735b5e2ac5f8ee69b8743177d7b19affected
LinuxLinux98ff4c7c8ac7f5339aac6114105395fea19f992e < e56391011381d6d029da377a65ac314cb3d5def2affected
LinuxLinux98ff4c7c8ac7f5339aac6114105395fea19f992e < 8241ecec1cdc6699ae197d52d58e76bddd995fa5affected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.12.57 <= 6.12.*unaffected
LinuxLinux6.14.2 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References