{"id":"CVE-2025-37787","summary":"net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered\n\nRussell King reports that a system with mv88e6xxx dereferences a NULL\npointer when unbinding this driver:\nhttps://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/\n\nThe crash seems to be in devlink_region_destroy(), which is not NULL\ntolerant but is given a NULL devlink global region pointer.\n\nAt least on some chips, some devlink regions are conditionally registered\nsince the blamed commit, see mv88e6xxx_setup_devlink_regions_global():\n\n\t\tif (cond && !cond(chip))\n\t\t\tcontinue;\n\nThese are MV88E6XXX_REGION_STU and MV88E6XXX_REGION_PVT. If the chip\ndoes not have an STU or PVT, it should crash like this.\n\nTo fix the issue, avoid unregistering those regions which are NULL, i.e.\nwere skipped at mv88e6xxx_setup_devlink_regions_global() time.","modified":"2026-04-02T12:47:27.726428Z","published":"2025-05-01T13:07:21.593Z","related":["SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01965-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:01972-1","SUSE-SU-2025:02000-1","SUSE-SU-2025:20408-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20419-1","SUSE-SU-2025:20421-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37787.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3665695e3572239dc233216f06b41f40cc771889"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5f5e95945bb1e08be7655da6acba648274db457d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8ccdf5e24b276848eefb2755e05ff0f005a0c4a1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b3c70dfe51f10df60db2646c08cebd24bcdc5247"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bbb80f004f7a90c3dcaacc982c59967457254a05"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c84f6ce918a9e6f4996597cbc62536bbf2247c96"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37787.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37787"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"836021a2d0e0e4c90b895a35bd9c0342071855fb"},{"fixed":"8ccdf5e24b276848eefb2755e05ff0f005a0c4a1"},{"fixed":"b3c70dfe51f10df60db2646c08cebd24bcdc5247"},{"fixed":"bbb80f004f7a90c3dcaacc982c59967457254a05"},{"fixed":"3665695e3572239dc233216f06b41f40cc771889"},{"fixed":"5f5e95945bb1e08be7655da6acba648274db457d"},{"fixed":"c84f6ce918a9e6f4996597cbc62536bbf2247c96"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37787.json"}}],"schema_version":"1.7.5"}