{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-37895","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.964Z","datePublished":"2025-05-20T15:21:32.045Z","dateUpdated":"2026-05-11T21:17:12.277Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:17:12.277Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix error handling path in bnxt_init_chip()\n\nWARN_ON() is triggered in __flush_work() if bnxt_init_chip() fails\nbecause we call cancel_work_sync() on dim work that has not been\ninitialized.\n\nWARNING: CPU: 37 PID: 5223 at kernel/workqueue.c:4201 __flush_work.isra.0+0x212/0x230\n\nThe driver relies on the BNXT_STATE_NAPI_DISABLED bit to check if dim\nwork has already been cancelled.  But in the bnxt_open() path,\nBNXT_STATE_NAPI_DISABLED is not set and this causes the error\npath to think that it needs to cancel the uninitalized dim work.\nFix it by setting BNXT_STATE_NAPI_DISABLED during initialization.\nThe bit will be cleared when we enable NAPI and initialize dim work."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/broadcom/bnxt/bnxt.c"],"versions":[{"version":"f697217f980ffc796c72c34dbf7d59a6b1996888","lessThan":"e039b00ddbfeaa0dc59b8659be114f1a1b37c5bf","status":"affected","versionType":"git"},{"version":"40452969a50652e3cbf89dac83d54eebf2206d27","lessThan":"21116727f452474502ee74f956d5e7466103e19b","status":"affected","versionType":"git"},{"version":"40452969a50652e3cbf89dac83d54eebf2206d27","lessThan":"9ab7a709c926c16b4433cf02d04fcbcf35aaab2b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/broadcom/bnxt/bnxt.c"],"versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","status":"unaffected","versionType":"semver"},{"version":"6.12.28","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.14.6","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.10","versionEndExcluding":"6.12.28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.14.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e039b00ddbfeaa0dc59b8659be114f1a1b37c5bf"},{"url":"https://git.kernel.org/stable/c/21116727f452474502ee74f956d5e7466103e19b"},{"url":"https://git.kernel.org/stable/c/9ab7a709c926c16b4433cf02d04fcbcf35aaab2b"}],"title":"bnxt_en: Fix error handling path in bnxt_init_chip()","x_generator":{"engine":"bippy-1.2.0"}}}}