CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-37912: ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()

Description

In the Linux kernel, the following vulnerability has been resolved:

ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()

As mentioned in the commit baeb705fd6a7 ("ice: always check VF VSI
pointer values"), we need to perform a null pointer check on the return
value of ice_get_vf_vsi() before using it.

Classification

CVE ID: CVE-2025-37912

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 17.55% (scored less or equal to compared to others)

EPSS Date: 2025-06-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37912
https://git.kernel.org/stable/c/a32dcc3b8293600ddc4024731b4d027d4de061a4
https://git.kernel.org/stable/c/0561f2e374c3732b90e50f0a244791a4308ec67e
https://git.kernel.org/stable/c/eae60cfe25d022d7f0321dba4cc23ad8e87ade48
https://git.kernel.org/stable/c/073791e9cfe6e4a11a6d85816ba87b1aa207493e
https://git.kernel.org/stable/c/f68237982dc012230550f4ecf7ce286a9c37ddc9
https://git.kernel.org/stable/c/425c5f266b2edeee0ce16fedd8466410cdcfcfe3

Timeline

2025-05-20 16:40:15 UTC
CVE

ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()