Linux Kernel Vulnerability in mv88e6xxx Switch Chip Affecting Bridge VLAN Deletion
CVE-2025-37865

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
9 May 2025

What is CVE-2025-37865?

A flaw has been identified in the Linux kernel affecting the mv88e6xxx switch chip during the deletion of bridge VLANs. The issue arises when the user port attempts to remove a VLAN that does not support Multiple Spanning Tree (MST), leading to a failure denoted by -ENOENT. The underlying cause is that the VLAN’s identification (sid) is not correctly populated in certain chip implementations, resulting in the invocation of uninitialized memory. The fix involves adding a guard condition to handle the absence of MST support correctly, thereby preventing erroneous behavior when VLANs are managed in environments that do not support the required protocols.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux acaf4d2e36b3466334af4d3ee6ac254c3316165c < 35cde75c08a1fa1a5ac0467afe2709caceeef002

Linux acaf4d2e36b3466334af4d3ee6ac254c3316165c

Linux acaf4d2e36b3466334af4d3ee6ac254c3316165c < 9ee6d3a368ed34f2457863da3085c676e9e37a3d

References

https://git.kernel.org/stable/c/35cde75c08a1fa1a5ac0467af...
https://git.kernel.org/stable/c/afae9087301471970254a9180...
https://git.kernel.org/stable/c/9ee6d3a368ed34f2457863da3...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.