CVE-2025-37860

low-risk

Published 2025-04-18

In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; consequently, we cannot netif_set_tso_max_size() or _segs() at this point. Move those netif calls to ef100_probe_netdev(), and also replace netif_err within the design params code with pci_err.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (3)

Patch https://git.kernel.org/stable/c/8241ecec1cdc6699ae197d52d58e76bddd995fa5

Patch https://git.kernel.org/stable/c/e56391011381d6d029da377a65ac314cb3d5def2

https://git.kernel.org/stable/c/f21623b8446735b5e2ac5f8ee69b8743177d7b19

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal