Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      CodeSOD: A Unique Way to Primary Key

      July 22, 2025

      BrowserStack launches Figma plugin for detecting accessibility issues in design phase

      July 22, 2025

      Parasoft brings agentic AI to service virtualization in latest release

      July 22, 2025

      Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

      July 21, 2025

      The best CRM software with email marketing in 2025: Expert tested and reviewed

      July 22, 2025

      This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

      July 22, 2025

      I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

      July 22, 2025

      8 ways I quickly leveled up my Linux skills – and you can too

      July 22, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      The Intersection of Agile and Accessibility – A Series on Designing for Everyone

      July 22, 2025
      Recent

      The Intersection of Agile and Accessibility – A Series on Designing for Everyone

      July 22, 2025

      Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

      July 22, 2025

      Execute Ping Commands and Get Back Structured Data in PHP

      July 22, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

      July 22, 2025
      Recent

      A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

      July 22, 2025

      “I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

      July 22, 2025

      Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

      July 22, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Security»Common Vulnerabilities and Exposures (CVEs)»CVE-2025-37786 – Linux Kernel DSA Net Use-After-Free Vulnerability

    CVE-2025-37786 – Linux Kernel DSA Net Use-After-Free Vulnerability

    May 1, 2025

    CVE ID : CVE-2025-37786

    Published : May 1, 2025, 2:15 p.m. | 1 hour, 10 minutes ago

    Description : In the Linux kernel, the following vulnerability has been resolved:

    net: dsa: free routing table on probe failure

    If complete = true in dsa_tree_setup(), it means that we are the last
    switch of the tree which is successfully probing, and we should be
    setting up all switches from our probe path.

    After “complete” becomes true, dsa_tree_setup_cpu_ports() or any
    subsequent function may fail. If that happens, the entire tree setup is
    in limbo: the first N-1 switches have successfully finished probing
    (doing nothing but having allocated persistent memory in the tree’s
    dst->ports, and maybe dst->rtable), and switch N failed to probe, ending
    the tree setup process before anything is tangible from the user’s PoV.

    If switch N fails to probe, its memory (ports) will be freed and removed
    from dst->ports. However, the dst->rtable elements pointing to its ports,
    as created by dsa_link_touch(), will remain there, and will lead to
    use-after-free if dereferenced.

    If dsa_tree_setup_switches() returns -EPROBE_DEFER, which is entirely
    possible because that is where ds->ops->setup() is, we get a kasan
    report like this:

    ==================================================================
    BUG: KASAN: slab-use-after-free in mv88e6xxx_setup_upstream_port+0x240/0x568
    Read of size 8 at addr ffff000004f56020 by task kworker/u8:3/42

    Call trace:
    __asan_report_load8_noabort+0x20/0x30
    mv88e6xxx_setup_upstream_port+0x240/0x568
    mv88e6xxx_setup+0xebc/0x1eb0
    dsa_register_switch+0x1af4/0x2ae0
    mv88e6xxx_register_switch+0x1b8/0x2a8
    mv88e6xxx_probe+0xc4c/0xf60
    mdio_probe+0x78/0xb8
    really_probe+0x2b8/0x5a8
    __driver_probe_device+0x164/0x298
    driver_probe_device+0x78/0x258
    __device_attach_driver+0x274/0x350

    Allocated by task 42:
    __kasan_kmalloc+0x84/0xa0
    __kmalloc_cache_noprof+0x298/0x490
    dsa_switch_touch_ports+0x174/0x3d8
    dsa_register_switch+0x800/0x2ae0
    mv88e6xxx_register_switch+0x1b8/0x2a8
    mv88e6xxx_probe+0xc4c/0xf60
    mdio_probe+0x78/0xb8
    really_probe+0x2b8/0x5a8
    __driver_probe_device+0x164/0x298
    driver_probe_device+0x78/0x258
    __device_attach_driver+0x274/0x350

    Freed by task 42:
    __kasan_slab_free+0x48/0x68
    kfree+0x138/0x418
    dsa_register_switch+0x2694/0x2ae0
    mv88e6xxx_register_switch+0x1b8/0x2a8
    mv88e6xxx_probe+0xc4c/0xf60
    mdio_probe+0x78/0xb8
    really_probe+0x2b8/0x5a8
    __driver_probe_device+0x164/0x298
    driver_probe_device+0x78/0x258
    __device_attach_driver+0x274/0x350

    The simplest way to fix the bug is to delete the routing table in its
    entirety. dsa_tree_setup_routing_table() has no problem in regenerating
    it even if we deleted links between ports other than those of switch N,
    because dsa_link_touch() first checks whether the port pair already
    exists in dst->rtable, allocating if not.

    The deletion of the routing table in its entirety already exists in
    dsa_tree_teardown(), so refactor that into a function that can also be
    called from the tree setup error path.

    In my analysis of the commit to blame, it is the one which added
    dsa_link elements to dst->rtable. Prior to that, each switch had its own
    ds->rtable which is freed when the switch fails to probe. But the tree
    is potentially persistent memory.

    Severity: 0.0 | NA

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleCVE-2025-37783 – Linux Kernel drm/msm Error Pointer Dereference Vulnerability
    Next Article CVE-2025-37782 – Linux HFS slub Out-of-Bounds Write

    Related Posts

    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

    July 22, 2025
    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-7393 – Drupal Mail Login Authentication Bypass

    July 22, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    Story-Based Social Posts: Designing Narratives for Swipeable Content

    Web Development

    CVE-2025-4559 – Netvision ISOinsight SQL Injection

    Common Vulnerabilities and Exposures (CVEs)

    Concurrency & Asynchronous Programming in Swift [SUBSCRIBER]

    Learning Resources

    Top GitHub Repositories Every CTO Should Keep an Eye On

    Web Development

    Highlights

    CVE-2025-7819 – PHPGurukul Apartment Visitors Management System Cross-Site Scripting

    July 19, 2025

    CVE ID : CVE-2025-7819

    Published : July 19, 2025, 1:15 p.m. | 10 hours, 38 minutes ago

    Description : A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /create-pass.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting. It is possible to initiate the attack remotely.

    Severity: 2.4 | LOW

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Ubiquiti UniFi Devices Vulnerability Allows Attackers to Inject Malicious Commands

    July 18, 2025

    CVE-2025-45472 – Apache Autodeploy Privilege Escalation Vulnerability

    May 22, 2025

    CVE-2025-6367 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

    June 20, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.