CVE-2025-37933

octeon_ep: Fix host hang issue during device reboot

Description

In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fix host hang issue during device reboot When the host loses heartbeat messages from the device, the driver calls the device-specific ndo_stop function, which frees the resources. If the driver is unloaded in this scenario, it calls ndo_stop again, attempting to free resources that have already been freed, leading to a host hang issue. To resolve this, dev_close should be called instead of the device-specific stop function.dev_close internally calls ndo_stop to stop the network interface and performs additional cleanup tasks. During the driver unload process, if the device is already down, ndo_stop is not called.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7e1ca1bed3f66e00377f7d2147be390144924276
https://git.kernel.org/stable/c/c8d788f800f83b94d9db8b3dacc1d26be38a6ef4
https://git.kernel.org/stable/c/6d1052423518e7d0aece9af5e77bbc324face8f1
https://git.kernel.org/stable/c/34f42736b325287a7b2ce37e415838f539767bda

Frequently Asked Questions

What is the severity of CVE-2025-37933?
CVE-2025-37933 has not yet been assigned a CVSS score.
How to fix CVE-2025-37933?
To fix CVE-2025-37933, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37933 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37933 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37933?
CVE-2025-37933 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.