PCI/MSI Vulnerability in Linux Kernel Affecting Multiple Architectures
CVE-2025-37889

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
9 May 2025

What is CVE-2025-37889?

A vulnerability in the Linux kernel's handling of the PCI/MSI framework could lead to a NULL pointer dereference due to improper flag management. Specifically, the conversion of the XEN specific global variable pci_msi_ignore_mask into an MSI domain flag did not account for legacy architectures lacking an interrupt domain and the potential absence of domain info in parent MSI domains. This oversight can cause system instability and crashes in affected environments. The issue has been addressed by implementing the pci_msi_domain_supports() helper, which ensures correct handling across all scenarios.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux c11fc224e58e7972ffd05b8f25e9b1d6a0b8d562

Linux a50562146d6c7650029a115c96ef9aaa7648c344 < 694110bc2407a61f02a770cbb5f39b51e4ec77c6

Linux 395e52b7a1ad01e1b51adb09854a0aa5347428de < 544055329560d4b64fe204fc6be325ebc24c72ca

References

https://git.kernel.org/stable/c/c402f184a053c8e7ca325e50f...
https://git.kernel.org/stable/c/694110bc2407a61f02a770cbb...
https://git.kernel.org/stable/c/544055329560d4b64fe204fc6...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.