Linux Kernel NULL Dereference in sfc Driver: Affected by Design Parameter Issues
CVE-2025-37860

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 April 2025

What is CVE-2025-37860?

A vulnerability in the Linux kernel related to the sfc driver can lead to NULL dereference issues. Specifically, the ef100_process_design_param function encounters a problem because calls to set parameters are made before the network device is created. This oversight prevents certain network functionalities from being configured properly, which could lead to operational instability. The issue has been addressed in a recent commit, ensuring that netif_set_tso_max_size and other related calls are handled in the appropriate context to prevent these errors.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 98ff4c7c8ac7f5339aac6114105395fea19f992e

Linux 98ff4c7c8ac7f5339aac6114105395fea19f992e < 8241ecec1cdc6699ae197d52d58e76bddd995fa5

References

https://git.kernel.org/stable/c/f21623b8446735b5e2ac5f8ee...

https://git.kernel.org/stable/c/e56391011381d6d029da377a6...

https://git.kernel.org/stable/c/8241ecec1cdc6699ae197d52d...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

Linux

What is CVE-2025-37860?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.