CVE-2025-37833 in Linux
Summary
by MITRE • 05/08/2025
In the Linux kernel, the following vulnerability has been resolved:
net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads
Fix niu_try_msix() to not cause a fatal trap on sparc systems.
Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or firmware.
For each vector entry in the msix table, niu chips will cause a fatal trap if any registers in that entry are read before that entry's ENTRY_DATA register is written to. Testing indicates writes to other registers are not sufficient to prevent the fatal trap; however, the value does not appear to matter. This only needs to happen once after power up, so simply rebooting into a kernel lacking this fix will NOT cause the trap.
NON-RESUMABLE ERROR: Reporting on cpu 64
NON-RESUMABLE ERROR: TPC [0x00000000005f6900] <msix_prepare_msi_desc+0x90/0xa0>
NON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff
NON-RESUMABLE ERROR:      0000000800000000:0000000000000000:0000000000000000:0000000000000000]
NON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff]
NON-RESUMABLE ERROR: type [precise nonresumable]
NON-RESUMABLE ERROR: attrs [0x02000080] < ASI sp-faulted priv >
NON-RESUMABLE ERROR: raddr [0xffffffffffffffff]
NON-RESUMABLE ERROR: insn effective address [0x000000c50020000c]
NON-RESUMABLE ERROR: size [0x8]
NON-RESUMABLE ERROR: asi [0x00]
CPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63
Workqueue: events work_for_cpu_fn
TSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000 Not tainted
TPC: <msix_prepare_msi_desc+0x90/0xa0>
g0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100
g4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000
o0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620
o4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128
RPC: <__pci_enable_msix_range+0x3cc/0x460>
l0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020
l4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734
i0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d
i4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0
I7: <niu_try_msix.constprop.0+0xc0/0x130 [niu]>
Call Trace:
[<00000000101888b0>] niu_try_msix.constprop.0+0xc0/0x130 [niu]
[<000000001018f840>] niu_get_invariants+0x183c/0x207c [niu]
[<00000000101902fc>] niu_pci_init_one+0x27c/0x2fc [niu]
[<00000000005ef3e4>] local_pci_probe+0x28/0x74
[<0000000000469240>] work_for_cpu_fn+0x8/0x1c
[<000000000046b008>] process_scheduled_works+0x144/0x210
[<000000000046b518>] worker_thread+0x13c/0x1c0
[<00000000004710e0>] kthread+0xb8/0xc8
[<00000000004060c8>] ret_from_fork+0x1c/0x2c
[<0000000000000000>] 0x0
Kernel panic - not syncing: Non-resumable error.
Analysis
by VulDB Data Team • 03/14/2026
The vulnerability described in CVE-2025-37833 affects the Linux kernel's handling of MSI-X interrupts on SPARC-based systems, specifically with the niu network driver. This issue manifests as a fatal trap during the initialization of MSI-X capabilities, which is a critical failure that leads to kernel panic and system crash. The root cause lies in a hardware or firmware quirk of the niu chip where reading any registers within an MSI-X entry before the ENTRY_DATA field is written causes an immediate non-resumable error, rendering the system unstable. The kernel's PCI subsystem attempts to configure MSI-X vectors without adhering to this hardware requirement, resulting in the crash during device initialization.
The technical flaw stems from the improper ordering of register accesses within the MSI-X configuration process. The niu_try_msix() function in the kernel fails to write to the ENTRY_DATA register before any other registers in the MSI-X entry are accessed. This violates a hardware-specific constraint that requires the ENTRY_DATA field to be touched first, a behavior that is not commonly encountered in other hardware implementations. The error trace points directly to the msix_prepare_msi_desc function where the fatal trap occurs, indicating that the standard PCI MSI-X enablement process does not account for this specific hardware constraint. This pattern aligns with CWE-129, which describes improper validation of array indices, and CWE-399, which covers resource management errors, as the system fails to properly manage hardware-specific register initialization sequences.
The operational impact of this vulnerability is severe, as it results in complete system crashes during boot or device initialization on affected SPARC systems. Any attempt to use network devices that rely on MSI-X interrupts will trigger the fatal trap, making the system effectively unusable until the kernel is patched. This vulnerability affects systems running Linux kernel versions prior to the fix, particularly those utilizing the niu network driver on SPARC architecture. The non-resumable nature of the error means that the system cannot recover from the crash, requiring a full reboot to restore functionality. The issue is particularly concerning in production environments where SPARC-based servers may be running critical network services.
Mitigation strategies for CVE-2025-37833 involve applying the kernel patch that sets the PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST flag on the struct pci_dev. This flag instructs the kernel to ensure that the ENTRY_DATA register is written to before any other registers in an MSI-X entry are accessed. The fix specifically addresses the hardware quirk by modifying the niu_try_msix() function to comply with the required register ordering. System administrators should upgrade to a patched kernel version to prevent the fatal trap from occurring. Additionally, monitoring for kernel panic messages related to MSI-X configuration and non-resumable errors should be implemented in production environments to quickly identify affected systems. This approach aligns with ATT&CK technique T1547.006, which involves modifying system boot processes, and addresses the underlying hardware compatibility issue through kernel-level software remediation. The vulnerability demonstrates the importance of hardware-specific considerations in kernel development, particularly when dealing with complex interrupt handling mechanisms across diverse architectures.
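One way to implement the log monitoring recommended above, as an added example that is not code from the kernel patch or from VulDB: it groups SPARC non-resumable error reports and flags those whose trap address is in msix_prepare_msi_desc with niu_try_msix in the call trace, as in the trace quoted in the summary. The function names `parse_events` and `matches_niu_msix_trap` and the second sample event are assumptions made for illustration.

```python
import re

# Constructed sample: abbreviated from the trace quoted in the summary, plus an
# unrelated non-resumable error (hypothetical symbols) as a negative case.
SAMPLE_LOG = """\
NON-RESUMABLE ERROR: Reporting on cpu 64
NON-RESUMABLE ERROR: TPC [0x00000000005f6900] <msix_prepare_msi_desc+0x90/0xa0>
NON-RESUMABLE ERROR: type [precise nonresumable]
CPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63
Call Trace:
[<00000000101888b0>] niu_try_msix.constprop.0+0xc0/0x130 [niu]
[<00000000101902fc>] niu_pci_init_one+0x27c/0x2fc [niu]
Kernel panic - not syncing: Non-resumable error.
NON-RESUMABLE ERROR: Reporting on cpu 3
NON-RESUMABLE ERROR: TPC [0x0000000000abc000] <example_read+0x10/0x40>
Call Trace:
[<0000000000abc100>] example_probe+0x20/0x80 [example]
Kernel panic - not syncing: Non-resumable error.
"""

REPORT = re.compile(r"NON-RESUMABLE ERROR: Reporting on cpu (\d+)")
TPC = re.compile(r"NON-RESUMABLE ERROR: TPC \[0x[0-9a-f]+\] <([\w.]+)\+")
FRAME = re.compile(r"\[<[0-9a-f]+>\] ([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def parse_events(text):
    """Split a kernel log into one record per 'Reporting on cpu N' block."""
    events = []
    for line in text.splitlines():
        if m := REPORT.search(line):
            events.append({"cpu": int(m.group(1)), "tpc": None, "frames": []})
        elif not events:
            continue  # ignore anything before the first error report
        elif m := TPC.search(line):
            events[-1]["tpc"] = m.group(1)
        elif m := FRAME.search(line):
            events[-1]["frames"].append((m.group(1), m.group(2)))
    return events

def matches_niu_msix_trap(event):
    """True when the trap is in msix_prepare_msi_desc, reached from niu_try_msix."""
    from_niu = any(sym.startswith("niu_try_msix") and mod == "niu"
                   for sym, mod in event["frames"])
    return event["tpc"] == "msix_prepare_msi_desc" and from_niu

if __name__ == "__main__":
    for ev in parse_events(SAMPLE_LOG):
        verdict = "CVE-2025-37833 signature" if matches_niu_msix_trap(ev) else "other"
        print(f"cpu {ev['cpu']}: trap in {ev['tpc']} -> {verdict}")
```

Matching on symbol names rather than addresses keeps the check valid across kernel builds, where the TPC value and offsets differ.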