CVE-2025-37875 is a vulnerability identified in the Linux kernel's igc network driver, which manages Intel Gigabit Ethernet controllers. The flaw relates to the Precision Time Measurement (PTM) cycle trigger logic. Specifically, writing to clear the PTM status 'valid' bit while a PTM cycle is triggered leads to unreliable PTM operation. This can cause the PHC2SYS utility, which synchronizes system clocks using the PTP hardware clock, to fail with a timeout error during PTM transactions. Additionally, the vulnerability causes a hang during the igc driver's probe phase in the kdump kernel environment, which is used for crash dump collection. This hang occurs because when a system crash happens while PTM trigger is enabled, the NIC hardware enters a faulty busmaster state and becomes unresponsive to register reads/writes. Consequently, the driver probing process stalls, breaking the kdump functionality and potentially impeding post-crash diagnostics. The patch for this vulnerability modifies the igc driver to keep PTM trigger disabled most of the time, enabling it only briefly (10-100 microseconds) during manual PTM cycle triggers. This significantly reduces the likelihood of a crash occurring during an active PTM trigger, mitigating the risk of NIC busmaster lockup and driver hangs. The vulnerability can be reproduced using the command "sudo phc2sys -R 1000 -O 0 -i tsn0 -m", which forces rapid PTM cycles and triggers the failure. No known exploits are reported in the wild, and the issue primarily affects systems using the igc driver with PTM support enabled. The vulnerability impacts system stability and reliability, particularly in environments relying on precise time synchronization and crash dump collection.

For European organizations, this vulnerability poses risks primarily to infrastructure relying on Linux systems with Intel Gigabit Ethernet controllers using the igc driver and PTM features. The failure of PTM cycles can degrade time synchronization accuracy, which is critical for telecommunications, financial trading platforms, industrial automation, and other time-sensitive applications prevalent in Europe. More critically, the hang during driver probing in the kdump kernel can prevent successful crash dump collection, hindering root cause analysis and recovery efforts after system failures. This can increase downtime and complicate incident response in enterprise and data center environments. Organizations with high availability requirements or those operating critical infrastructure may face operational disruptions. Although no direct remote code execution or data breach is indicated, the reliability and availability impacts can indirectly affect confidentiality and integrity by delaying detection and remediation of other issues. The vulnerability is less likely to be exploited for direct attacks but can be leveraged in targeted scenarios to cause denial of service or complicate forensic investigations.

European organizations should ensure that Linux kernel versions are updated to include the patch that disables PTM trigger except during brief manual triggers. Specifically, kernel updates containing the fix for CVE-2025-37875 should be applied promptly on all affected systems. Network administrators should audit systems using the igc driver and verify PTM usage, disabling PTM features if not required to reduce exposure. For systems relying on PTM for time synchronization, consider alternative synchronization methods or hardware that do not exhibit this issue until patched. Additionally, testing crash dump mechanisms post-patch is recommended to confirm that kdump functionality is restored. Monitoring for unusual time synchronization errors or driver hangs can help detect attempts to trigger the vulnerability. In environments where patching is delayed, implementing system-level watchdogs or automated recovery scripts to handle potential hangs may reduce downtime. Coordination with hardware vendors for firmware updates or advisories related to NIC busmaster behavior is also advisable.