PCI/MSI Vulnerability in Linux Kernel Affecting Multiple Architectures
CVE-2025-37889

Currently unrated

Key Information:

Vendor
Linux
Status
Linux
Vendor
CVE Published:
9 May 2025

Summary

A vulnerability in the Linux kernel's handling of the PCI/MSI framework could lead to a NULL pointer dereference due to improper flag management. Specifically, the conversion of the XEN specific global variable pci_msi_ignore_mask into an MSI domain flag did not account for legacy architectures lacking an interrupt domain and the potential absence of domain info in parent MSI domains. This oversight can cause system instability and crashes in affected environments. The issue has been addressed by implementing the pci_msi_domain_supports() helper, which ensures correct handling across all scenarios.

Affected Version(s)

Linux aad12468967b332f696bee6666754a8fe4831ddd < 46d357520934eef99fa121889f8ebbf46a6eddb8

Linux 9e154033f51467f9ebaf87ba4ac2115241caa865 < 2e3ad60b8f72a95e3a32ddd9d70ea129aa3fcfb7

Linux c3164d2e0d181027da8fc94f8179d8607c3d440f < 3ece3e8e5976c49c3f887e5923f998eabd54ff40

References

https://git.kernel.org/stable/c/46d357520934eef99fa121889...
https://git.kernel.org/stable/c/2e3ad60b8f72a95e3a32ddd9d...
https://git.kernel.org/stable/c/3ece3e8e5976c49c3f887e592...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-37889 : PCI/MSI Vulnerability in Linux Kernel Affecting Multiple Architectures | SecurityVulnerability.io