CVE-2025-37935 is a vulnerability identified in the Linux kernel's MediaTek Ethernet driver (mtk_eth_soc), specifically affecting systems with 4GB or more of RAM. The issue arises within the mtk_poll_rx() function, which monitors the MTK_RESETTING flag. When this flag is detected, the function jumps to release_desc and attempts to refill the high word of the SDP (Scatter Descriptor Pointer) on the 4GB Receive Frame Buffer (RFB). However, this operation leads to mtk_rx_clean processing an incorrect SDP, which subsequently causes a kernel panic. This vulnerability is rooted in improper handling of descriptor pointers during network packet reception, resulting in system instability and denial of service. The patch to fix this issue was incorporated from MediaTek's SDK, addressing the pointer handling logic to prevent the panic condition. The vulnerability affects specific Linux kernel versions identified by the commit hash 2d75891ebc09ba9cf30697dfd54497ef0220308f. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet.

For European organizations, this vulnerability poses a risk primarily in environments running Linux systems with MediaTek Ethernet hardware and 4GB or more RAM, such as embedded devices, network appliances, or servers using this specific driver. The main impact is a denial of service through kernel panic, which can cause system crashes and downtime. This can disrupt critical services, especially in sectors relying on continuous network availability like telecommunications, finance, healthcare, and industrial control systems. Although no remote code execution or privilege escalation is indicated, the forced system reboots or crashes can lead to operational disruptions and potential data loss if systems are not properly backed up or if the crashes occur during critical operations. The lack of known exploits reduces immediate risk, but the vulnerability's presence in widely used Linux kernels means that unpatched systems remain vulnerable to potential future exploitation, especially in targeted attacks against infrastructure using MediaTek Ethernet components.

Organizations should promptly identify Linux systems utilizing the MediaTek Ethernet driver (mtk_eth_soc) with 4GB+ RAM and verify kernel versions against the affected commit. Applying the official patch from MediaTek's SDK or updating to a Linux kernel version that includes the fix is the primary mitigation. Network administrators should monitor system logs for signs of kernel panics related to network drivers. For embedded or specialized devices where kernel updates are challenging, consider isolating affected devices from critical network segments or implementing redundancy to mitigate downtime. Additionally, implement robust backup and recovery procedures to minimize impact from unexpected crashes. Regular vulnerability scanning and inventory management can help identify at-risk systems. Since no known exploits exist, proactive patching is the best defense to prevent potential exploitation.