PT-2025-20362 · Linux+4 · Linux Kernel+4
Published: 2025-04-15 · Updated: 2026-05-26
CVE-2025-37833
CVSS v2.0: 6.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.11.5
Description
A vulnerability in the Linux kernel has been resolved, specifically in the net/niu component. The issue arises when the MSIX ENTRY_DATA fields are not touched before entry reads, causing a fatal trap on sparc systems. To work around a bug in the hardware or firmware, the PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST flag is set on the struct pci_dev. The vulnerability occurs when any registers in a vector entry are read before the ENTRY_DATA register is written to, resulting in a non-resumable error. Testing indicates that writing to other registers is not sufficient to prevent the fatal trap. The write only needs to happen once after power-up, so simply rebooting into a kernel lacking this fix will not cause the trap.
Recommendations
For Linux kernel version 6.11.5 and earlier, update to a newer version that includes the fix for this issue.
As a temporary workaround, consider disabling the niu_try_msix() function until a patch is available.
Restrict access to the vulnerable msix_prepare_msi_desc() function to minimize the risk of exploitation.
Avoid using the ENTRY_DATA register in the affected msix table until the issue is resolved.
Exploit
Fix
Improper Resource Release
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linux Kernel
Suse
Ubuntu