Resource management error in Linux kernel intel igc driver



| Updated: 2025-05-10
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2025-37875
CWE-ID CWE-399
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource management error

EUVDB-ID: #VU108894

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37875

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the igc_ptm_log_error(), igc_phc_get_syncdevicetime(), igc_ptp_stop() and igc_ptp_reset() functions in drivers/net/ethernet/intel/igc/igc_ptp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.12 - 6.12.24

CPE2.3 External links

https://git.kernel.org/stable/c/0c03e4fbe1321697d9d04587e21e416705e1b19f
https://git.kernel.org/stable/c/16194ca3f3b4448a062650c869a7b3b206c6f5d3
https://git.kernel.org/stable/c/31959e06143692f7e02b8eef7d7d6ac645637906
https://git.kernel.org/stable/c/8e404ad95d2c10c261e2ef6992c7c12dde03df0e
https://git.kernel.org/stable/c/c1f174edaccc5a00f8e218c42a0aa9156efd5f76
https://git.kernel.org/stable/c/f3516229cd12dcd45f23ed01adab17e8772b1bd5
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.25


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###