PT-2025-18471 · Linux+3 · Linux Kernel+3

Published 2025-04-09 · Updated 2025-07-16 · CVE-2025-37791

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.11.0

Description

A vulnerability in the Linux kernel has been resolved, related to the ethtool cmis_cdb module. The issue arises from using the incorrect size of the rpl pointer in the ethtool_cmis_module_poll() function, which can cause stack corruption. This corruption can lead to a kernel panic, as indicated by a stack-protector error message. The vulnerability is associated with the ethtool_cmis_wait_for_cond() function and can be triggered during the execution of ethtool_cmis_cdb_execute_cmd() and other related functions.

Recommendations

For Linux kernel versions prior to 6.11.0, update to version 6.11.0 or later to resolve the issue. As a temporary workaround, consider disabling the ethtool_cmis_module_poll() function until a patch is available. Restrict access to the ethtool module to minimize the risk of exploitation. Avoid using the rpl pointer in the affected API endpoints until the issue is resolved.
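
The size mix-up in the description, modelled in user space as an added example (not kernel code and not taken from the fix): every name below is hypothetical, and the 1-byte reply structure is an assumption. The reply sits at the start of a larger frame so the model can count the neighbouring bytes a read would clobber without actually corrupting its own stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0xA5

/* Hypothetical reply object; the 1-byte size is an assumption. */
struct reply { uint8_t state; };

/* Models the caller's stack frame: the reply followed by neighbouring
 * stack data (where a stack-protector canary would sit). */
struct frame {
    struct reply rpl;
    uint8_t neighbours[15];
};

/* Buggy: size of the pointer (8 on a 64-bit build), not of the object. */
static size_t len_buggy(struct reply *rpl) { (void)rpl; return sizeof(rpl); }

/* Fixed: size of the object the pointer refers to. */
static size_t len_fixed(struct reply *rpl) { return sizeof(*rpl); }

/* Stand-in for the module read that fills the reply with `len` bytes. */
static void module_read(uint8_t *dst, size_t len) { memset(dst, 0x11, len); }

/* Runs one poll with the given length rule and returns how many bytes
 * next to the reply were overwritten. The write stays inside struct frame,
 * so the model itself has defined behaviour. */
static size_t poll_model(size_t (*len_fn)(struct reply *))
{
    struct frame f;
    size_t i, hit = 0;

    memset(&f, GUARD, sizeof(f));
    module_read((uint8_t *)&f, len_fn(&f.rpl));
    for (i = 0; i < sizeof(f.neighbours); i++)
        hit += (f.neighbours[i] != GUARD);
    return hit;
}

int main(void)
{
    printf("sizeof(rpl):  %zu neighbouring bytes overwritten\n", poll_model(len_buggy));
    printf("sizeof(*rpl): %zu neighbouring bytes overwritten\n", poll_model(len_fixed));
    return 0;
}
```

In a real stack frame the overwritten neighbours can include the stack-protector canary, which is why the failure surfaces as a stack-protector panic rather than as silent corruption.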

Weakness Enumeration

Related Identifiers

BDU:2025-12310
CVE-2025-37791
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7594-1
USN-7594-2
USN-7594-3

Affected Products

Astra Linux
Linux Kernel
Suse
Ubuntu