Linux Kernel Vulnerability in mv88e6xxx Switch Chip Affecting Bridge VLAN Deletion
CVE-2025-37865

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 May 2025

Summary

A flaw has been identified in the Linux kernel affecting the mv88e6xxx switch chip during the deletion of bridge VLANs. The issue arises when the user port attempts to remove a VLAN that does not support Multiple Spanning Tree (MST), leading to a failure denoted by -ENOENT. The underlying cause is that the VLAN’s identification (sid) is not correctly populated in certain chip implementations, resulting in the invocation of uninitialized memory. The fix involves adding a guard condition to handle the absence of MST support correctly, thereby preventing erroneous behavior when VLANs are managed in environments that do not support the required protocols.

Affected Version(s)

Linux acaf4d2e36b3466334af4d3ee6ac254c3316165c < 35cde75c08a1fa1a5ac0467afe2709caceeef002

Linux acaf4d2e36b3466334af4d3ee6ac254c3316165c

Linux acaf4d2e36b3466334af4d3ee6ac254c3316165c < 9ee6d3a368ed34f2457863da3085c676e9e37a3d

References

https://git.kernel.org/stable/c/35cde75c08a1fa1a5ac0467af...

https://git.kernel.org/stable/c/afae9087301471970254a9180...

https://git.kernel.org/stable/c/9ee6d3a368ed34f2457863da3...

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
Apr 16, 2025