Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2025-37865 |
CWE-ID | CWE-908 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU108883
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37865
CWE-ID: CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource in the mv88e6xxx_vtu_get() and mv88e6xxx_mst_put() functions in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: 6.1 - 6.14.3
https://git.kernel.org/stable/c/35cde75c08a1fa1a5ac0467afe2709caceeef002
https://git.kernel.org/stable/c/9da4acbd60664271d34a627f7f63cd5bad8eba74
https://git.kernel.org/stable/c/9ee6d3a368ed34f2457863da3085c676e9e37a3d
https://git.kernel.org/stable/c/afae9087301471970254a9180e5a26d3d8e8af09
https://git.kernel.org/stable/c/ea08dfc35f83cfc73493c52f63ae4f2e29edfe8d
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.135
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.25
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.4
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.