
CVE-2025-37889: PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends

The conversion of the XEN-specific global variable pci_msi_ignore_mask to an
MSI domain flag missed the facts that:

1) Legacy architectures do not provide an interrupt domain
2) Parent MSI domains do not necessarily have a domain info attached

Both cases result in an unconditional NULL pointer dereference. This was
unfortunately missed in review and testing revealed it late.

Cure this by using the existing pci_msi_domain_supports() helper, which
handles all possible cases correctly.

Classification

CVE ID: CVE-2025-37889

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.64% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-07 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37889
https://git.kernel.org/stable/c/46d357520934eef99fa121889f8ebbf46a6eddb8
https://git.kernel.org/stable/c/2e3ad60b8f72a95e3a32ddd9d70ea129aa3fcfb7
https://git.kernel.org/stable/c/3ece3e8e5976c49c3f887e5923f998eabd54ff40

Timeline