CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-37815: misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration

Description

In the Linux kernel, the following vulnerability has been resolved:

misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration

Resolve kernel panic while accessing IRQ handler associated with the
generated IRQ. This is done by acquiring the spinlock and storing the
current interrupt state before handling the interrupt request using
generic_handle_irq.

A previous fix patch was submitted where 'generic_handle_irq' was
replaced with 'handle_nested_irq'. However, this change also causes
the kernel panic where after determining which GPIO triggered the
interrupt and attempting to call handle_nested_irq with the mapped
IRQ number, leads to a failure in locating the registered handler.

Classification

CVE ID: CVE-2025-37815

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.72% (scored less or equal to compared to others)

EPSS Date: 2025-06-06 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37815
https://git.kernel.org/stable/c/1263d5f581908602c618c6665e683c4436383a09
https://git.kernel.org/stable/c/62957f58ab3aa7fa792dc6ff3575624062539a4d
https://git.kernel.org/stable/c/12cc2193f2b9548e8ea5fbce8201b44158222edf
https://git.kernel.org/stable/c/4e02059dc91068bc5017b8546f9ec3b930f6d6a6
https://git.kernel.org/stable/c/18eb77c75ed01439f96ae5c0f33461eb5134b907

Timeline

2025-05-08 07:40:11 UTC
CVE

misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration