CVE-2025-37895

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the bnxt en driver. The issue occurs when the bnxt init chip() function fails, triggering a WARN ON() in flush work() because cancel work sync() is called on uninitialized dim work. The driver relies on the BNXT STATE NAPI DISABLED bit to check if dim work has been cancelled, but this bit is not set during the bnxt open() path, causing the error. The fix involves setting BNXT STATE NAPI DISABLED during initialization, which will be cleared when NAPI is enabled and dim work is initialized.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

BDU:2025-12243

CVE-2025-37895

USN-7649-1

USN-7649-2

USN-7650-1

USN-7665-1

USN-7665-2

USN-7721-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

CVE-2025-37895

Weakness Enumeration

Related Identifiers

Affected Products

References · 144