CVE-2025-37833 [Medium] | Security Vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Fix niu_try_msix() to not cause a fatal trap on sparc systems. Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or firmware. For each vector entry in the msix table, niu chips will cause a fatal trap if any registers in that entry are read before that entries' ENTRY_DATA register is written to. Testing indicates writes to other registers are not sufficient to prevent the fatal trap, however the value does not appear to matter. This only needs to happen once after power up, so simply rebooting into a kernel lacking this fix will NOT cause the trap. NON-RESUMABLE ERROR: Reporting on cpu 64 NON-RESUMABLE ERROR: TPC [0x00000000005f6900] <msix_prepare_msi_desc+0x90/0xa0> NON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff NON-RESUMABLE ERROR: 0000000800000000:0000000000000000:0000000000000000:0000000000000000] NON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff] NON-RESUMABLE ERROR: type [precise nonresumable] NON-RESUMABLE ERROR: attrs [0x02000080] < ASI sp-faulted priv > NON-RESUMABLE ERROR: raddr [0xffffffffffffffff] NON-RESUMABLE ERROR: insn effective address [0x000000c50020000c] NON-RESUMABLE ERROR: size [0x8] NON-RESUMABLE ERROR: asi [0x00] CPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63 Workqueue: events work_for_cpu_fn TSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000 Not tainted TPC: <msix_prepare_msi_desc+0x90/0xa0> g0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100 g4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000 o0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620 o4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128 RPC: <__pci_enable_msix_range+0x3cc/0x460> l0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020 l4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734 i0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d i4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0 I7: <niu_try_msix.constprop.0+0xc0/0x130 [niu]> Call Trace: [<00000000101888b0>] niu_try_msix.constprop.0+0xc0/0x130 [niu] [<000000001018f840>] niu_get_invariants+0x183c/0x207c [niu] [<00000000101902fc>] niu_pci_init_one+0x27c/0x2fc [niu] [<00000000005ef3e4>] local_pci_probe+0x28/0x74 [<0000000000469240>] work_for_cpu_fn+0x8/0x1c [<000000000046b008>] process_scheduled_works+0x144/0x210 [<000000000046b518>] worker_thread+0x13c/0x1c0 [<00000000004710e0>] kthread+0xb8/0xc8 [<00000000004060c8>] ret_from_fork+0x1c/0x2c [<0000000000000000>] 0x0 Kernel panic - not syncing: Non-resumable error.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-05-08	—	0.02%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-05-08

—

0.02%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.5	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.8	3.6	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.5

3.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

1.8

3.6

[email protected]

OS Trackers for CVE-2025-37833

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2025-37833 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 3, open 2.	https://security-tracker.debian.org/tracker/CVE-2025-37833
`redhat`	—	—	https://access.redhat.com/security/cve/CVE-2025-37833
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2025-37833/
`ubuntu`	medium	CVE-2025-37833 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1551 status rows across 10 suites (bionic, focal, jammy, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 1145, ignored 165, needed 103, released 102, not-affected 34, needs-triage 2.	https://ubuntu.com/security/CVE-2025-37833

Affected software / configurations for CVE-2025-37833

Vendor	Product	Version	Raw CPE
linux	linux_kernel	>= 4.4.282, < 4.5	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.9.281, < 4.10	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.14.245, < 4.15	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.19.205, < 4.20	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.4.142, < 5.5	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.10.60, < 5.11	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.13.12, < 5.14	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.14.1, < 6.12.26	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.13, < 6.14.5	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	5.14	cpe:2.3:o:linux:linux_kernel:5.14:-::::::
linux	linux_kernel	5.14	cpe:2.3:o:linux:linux_kernel:5.14:rc6::::::
linux	linux_kernel	5.14	cpe:2.3:o:linux:linux_kernel:5.14:rc7::::::
linux	linux_kernel	6.15	cpe:2.3:o:linux:linux_kernel:6.15:rc1::::::
linux	linux_kernel	6.15	cpe:2.3:o:linux:linux_kernel:6.15:rc2::::::

References for CVE-2025-37833

URL	Tags
https://git.kernel.org/stable/c/64903e4849a71cf7f7c7e5d45225ccefc1280929	Patch
https://git.kernel.org/stable/c/c187aaa9e79b4b6d86ac7ba941e579ad33df5538	Patch
https://git.kernel.org/stable/c/fbb429ddff5c8e479edcc7dde5a542c9295944e6	Patch

URL

CVE-2025-37833 | net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads

Exploit prediction scoring system (EPSS) score for CVE-2025-37833

Common vulnerability scoring system (CVSS) metrics for CVE-2025-37833

Weakness enumeration for CVE-2025-37833

OS Trackers for CVE-2025-37833

Affected software / configurations for CVE-2025-37833

References for CVE-2025-37833