CVE-2025-37872 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix memory leak in txgbe_probe() error path When txgbe_sw_init() is called, memory is allocated for wx->rss_key in wx_init_rss_key(). However, in txgbe_probe() function, the subsequent error paths after txgbe_sw_init() don't free the rss_key. Fix that by freeing it in error path along with wx->mac_table. Also change the label to which execution jumps when txgbe_sw_init() fails, because otherwise, it could lead to a double free for rss_key, when the mac_table allocation fails in wx_sw_init().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/635863d93deb8e352d63a8eba852efeaf1ac3539
https://git.kernel.org/stable/c/837197a722919f5b0eeb967fe7cb0cc1e83173b9
https://git.kernel.org/stable/c/b2727326d0a53709380aa147018085d71a6d4843
https://lore.kernel.org/linux-cve-announce/2025050959-CVE-2025-37872-6e2f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-37872
https://www.cve.org/CVERecord?id=CVE-2025-37872

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00024}`	epss `{'score': 0.00025}`

Sat, 10 May 2025 02:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025050959-CVE-2025-37872-6e2f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-37872 https://www.cve.org/CVERecord?id=CVE-2025-37872
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 09 May 2025 07:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix memory leak in txgbe_probe() error path When txgbe_sw_init() is called, memory is allocated for wx->rss_key in wx_init_rss_key(). However, in txgbe_probe() function, the subsequent error paths after txgbe_sw_init() don't free the rss_key. Fix that by freeing it in error path along with wx->mac_table. Also change the label to which execution jumps when txgbe_sw_init() fails, because otherwise, it could lead to a double free for rss_key, when the mac_table allocation fails in wx_sw_init().
Title		net: txgbe: fix memory leak in txgbe_probe() error path
References		https://git.kernel.org/stable/c/635863d93deb8e352d63a8eba852efeaf1ac3539 https://git.kernel.org/stable/c/837197a722919f5b0eeb967fe7cb0cc1e83173b9 https://git.kernel.org/stable/c/b2727326d0a53709380aa147018085d71a6d4843

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-05-09T06:44:00.570Z

Updated: 2025-05-26T05:22:44.938Z

Reserved: 2025-04-16T04:51:23.959Z

Link: CVE-2025-37872

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-05-09T07:16:08.323

Modified: 2025-05-12T17:32:32.760

Link: CVE-2025-37872

Redhat

Severity : Moderate

Publid Date: 2025-05-09T00:00:00Z

Links: CVE-2025-37872 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object