Linux Kernel NULL Dereference in sfc Driver: Affected by Design Parameter Issues

CVE-2025-37860

Summary

A vulnerability in the Linux kernel related to the sfc driver can lead to NULL dereference issues. Specifically, the ef100_process_design_param function encounters a problem because calls to set parameters are made before the network device is created. This oversight prevents certain network functionalities from being configured properly, which could lead to operational instability. The issue has been addressed in a recent commit, ensuring that netif_set_tso_max_size and other related calls are handled in the appropriate context to prevent these errors.

References