
CVE-2025-37917: Vulnerability in Linux Linux

High
Published: Tue May 20 2025 (05/20/2025, 15:21:47 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll

Use spin_lock_irqsave and spin_unlock_irqrestore instead of spin_lock and spin_unlock in mtk_star_emac driver to avoid spinlock recursion occurrence that can happen when enabling the DMA interrupts again in rx/tx poll.

```
BUG: spinlock recursion on CPU#0, swapper/0/0
lock: 0xffff00000db9cf20, .magic: dead4ead, .owner: swapper/0/0, .owner_cpu: 0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-rc2-next-20250417-00001-gf6a27738686c-dirty #28 PREEMPT
Hardware name: MediaTek MT8365 Open Platform EVK (DT)
Call trace:
show_stack+0x18/0x24 (C)
dump_stack_lvl+0x60/0x80
dump_stack+0x18/0x24
spin_dump+0x78/0x88
do_raw_spin_lock+0x11c/0x120
_raw_spin_lock+0x20/0x2c
mtk_star_handle_irq+0xc0/0x22c [mtk_star_emac]
__handle_irq_event_percpu+0x48/0x140
handle_irq_event+0x4c/0xb0
handle_fasteoi_irq+0xa0/0x1bc
handle_irq_desc+0x34/0x58
generic_handle_domain_irq+0x1c/0x28
gic_handle_irq+0x4c/0x120
do_interrupt_handler+0x50/0x84
el1_interrupt+0x34/0x68
el1h_64_irq_handler+0x18/0x24
el1h_64_irq+0x6c/0x70
regmap_mmio_read32le+0xc/0x20 (P)
_regmap_bus_reg_read+0x6c/0xac
_regmap_read+0x60/0xdc
regmap_read+0x4c/0x80
mtk_star_rx_poll+0x2f4/0x39c [mtk_star_emac]
__napi_poll+0x38/0x188
net_rx_action+0x164/0x2c0
handle_softirqs+0x100/0x244
__do_softirq+0x14/0x20
____do_softirq+0x10/0x20
call_on_irq_stack+0x24/0x64
do_softirq_own_stack+0x1c/0x40
__irq_exit_rcu+0xd4/0x10c
irq_exit_rcu+0x10/0x1c
el1_interrupt+0x38/0x68
el1h_64_irq_handler+0x18/0x24
el1h_64_irq+0x6c/0x70
cpuidle_enter_state+0xac/0x320 (P)
cpuidle_enter+0x38/0x50
do_idle+0x1e4/0x260
cpu_startup_entry+0x34/0x3c
rest_init+0xdc/0xe0
console_on_rootfs+0x0/0x6c
__primary_switched+0x88/0x90
```

AI-Powered Analysis

Last updated: 07/04/2025, 01:28:01 UTC

Technical Analysis

CVE-2025-37917 is a vulnerability in the Linux kernel, specifically in the MediaTek Star EMAC (Ethernet MAC) driver, known as mtk-star-emac. The issue arises from improper handling of spinlocks during the receive (rx) and transmit (tx) polling operations: the driver uses the spin_lock and spin_unlock primitives where spin_lock_irqsave and spin_unlock_irqrestore should be used. This can lead to spinlock recursion, a condition where the same CPU attempts to acquire a spinlock it already holds, causing a kernel BUG and potential system instability or a crash. The problem manifests when DMA interrupts are re-enabled during rx/tx polling, triggering recursive locking attempts that the kernel detects and flags as a critical error.

The kernel stack trace in the description shows the failure occurring on CPU0 in the swapper process, highlighting the recursive lock acquisition in the mtk_star_handle_irq function and the subsequent interrupt handling routines. The vulnerability is rooted in concurrency control within the kernel's network driver code and affects Linux kernel versions containing the vulnerable mtk-star-emac driver implementation. While no known exploits are reported in the wild, the flaw can cause denial of service (DoS) by crashing or halting the kernel, impacting system availability. The fix replaces the spin_lock and spin_unlock calls with their irqsave/irqrestore variants to properly manage interrupt state and prevent recursion.

This vulnerability is particularly relevant for systems running Linux on MediaTek MT8365 or similar platforms using the affected driver. Given that the Linux kernel is widely deployed across servers, embedded devices, and network infrastructure, this flaw could impact a range of devices using the MediaTek Ethernet controller. However, exploitation requires triggering specific interrupt and polling conditions, and no authentication or user interaction is needed to cause the kernel panic once the vulnerable driver is active.
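
The sequence described above, modelled in userland C as an added example (not the mtk-star-emac driver's code or the upstream patch): one simulated CPU, using hypothetical `sim_*` names, shows the interrupt landing inside the poll path's critical section under plain locking and being deferred until after the unlock under the irqsave variant.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userland model of one CPU. All sim_* names are hypothetical, not driver code. */
static bool irqs_enabled, irq_pending, lock_held;
static int recursion_bugs, irqs_handled;

/* Models an IRQ handler that takes the same lock as the poll path. */
static void sim_irq_handler(void) {
    /* Same CPU already owns the lock: kernel reports "BUG: spinlock recursion". */
    if (lock_held) { recursion_bugs++; return; }
    lock_held = true;
    irqs_handled++;         /* normal handler work happens here */
    lock_held = false;
}

/* The CPU takes a pending interrupt only while local IRQs are enabled. */
static void sim_cpu_check_irq(void) {
    if (!irq_pending || !irqs_enabled) return;
    irq_pending = false;
    sim_irq_handler();
}

/* End of a poll pass: lock, re-enable DMA interrupts, unlock. */
static void sim_poll_done(bool use_irqsave) {
    bool saved = irqs_enabled;
    if (use_irqsave)
        irqs_enabled = false;   /* effect of spin_lock_irqsave() */
    lock_held = true;
    irq_pending = true;         /* device raises its IRQ once unmasked */
    sim_cpu_check_irq();        /* IRQ may land inside the critical section */
    lock_held = false;
    irqs_enabled = saved;       /* spin_unlock_irqrestore(); no-op for plain unlock */
    sim_cpu_check_irq();        /* a deferred IRQ is delivered after the unlock */
}

/* Runs one poll pass; returns how many recursion reports it produced. */
int run_scenario(bool use_irqsave) {
    irqs_enabled = true; irq_pending = lock_held = false;
    recursion_bugs = irqs_handled = 0;
    sim_poll_done(use_irqsave);
    return recursion_bugs;
}
int handled_count(void) { return irqs_handled; }

int main(void) {
    for (int s = 0; s <= 1; s++)
        printf("irqsave=%d recursion=%d\n", s, run_scenario(s));
    return 0;
}
```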

Potential Impact

For European organizations, the primary impact of CVE-2025-37917 is a potential denial of service due to kernel crashes on affected Linux systems running MediaTek-based Ethernet hardware. This can disrupt network connectivity and availability of critical services, especially in embedded systems, IoT devices, or network appliances that rely on the mtk-star-emac driver. Enterprises using Linux-based infrastructure with MediaTek Ethernet controllers in routers, gateways, or specialized hardware may experience unexpected downtime or degraded network performance. While the vulnerability does not directly expose confidentiality or integrity risks, the loss of availability can affect business continuity, particularly in sectors dependent on stable network operations such as telecommunications, manufacturing automation, and critical infrastructure. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or maliciously induced kernel panics. European organizations with supply chains or hardware vendors utilizing MediaTek platforms should prioritize assessing their exposure. The impact is more pronounced in environments where high availability is critical and where embedded Linux devices form part of the operational technology or network edge.

Mitigation Recommendations

1. Apply the official Linux kernel patches that replace spin_lock/spin_unlock with spin_lock_irqsave/spin_unlock_irqrestore in the mtk-star-emac driver as soon as they are released and integrated into distributions.
2. Identify and inventory all Linux systems using MediaTek MT8365 or similar hardware with the vulnerable Ethernet driver to prioritize patch deployment.
3. For embedded or IoT devices where kernel updates are challenging, coordinate with hardware vendors or device manufacturers to obtain updated firmware or kernel images containing the fix.
4. Implement monitoring for kernel panics or unexpected reboots on affected devices to detect potential exploitation or accidental triggering of the vulnerability.
5. Where possible, isolate vulnerable devices from critical network segments to limit impact if a DoS occurs.
6. Engage with Linux distribution maintainers and hardware vendors to ensure timely communication and patch availability.
7. Consider deploying kernel live patching solutions if supported by the environment to reduce downtime during patch application.
8. Conduct thorough testing of patched kernels in staging environments to confirm stability before production rollout, especially for embedded systems.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-04-16T04:51:23.967Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682cd0f71484d88663aeaf79

Added to database: 5/20/2025, 6:59:03 PM

Last enriched: 7/4/2025, 1:28:01 AM

Last updated: 8/3/2025, 1:12:57 AM
