CVE-2025-37935: net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM

If the mtk_poll_rx() function detects the MTK_RESETTING flag, it will
jump to release_desc and refill the high word of the SDP on the 4GB RFB.
Subsequently, mtk_rx_clean will process an incorrect SDP, leading to a
panic.

Add patch from MediaTek's SDK to resolve this.

Classification

CVE ID: CVE-2025-37935

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.6% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-18 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37935
https://git.kernel.org/stable/c/cb625f783f70dc6614f03612b8e64ad99cb0a13c
https://git.kernel.org/stable/c/317013d1ad13524be02d60b9e98f08fbd13f8c14
https://git.kernel.org/stable/c/67619cf69dec5d1d7792808dfa548616742dd51d
https://git.kernel.org/stable/c/6e0490fc36cdac696f96e57b61d93b9ae32e0f4c

Timeline