CVE-2025-37886: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37886 is a vulnerability discovered in the Linux kernel's pds_core component, specifically related to wait_context handling in the q_info struct. The vulnerability was disclosed on May 9, 2025, affecting the Linux kernel's pds_core module (NVD, Wiz).

The vulnerability stems from a design flaw where the wait_context was implemented as a stack variable that becomes invalid after pdsc_adminq_post() completion, rather than being a full part of the q_info struct. When slow development firmware causes an adminq request timeout, and the firmware later completes the request and sends an interrupt, the handler attempts to complete_all() the completion context that no longer exists. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 by Red Hat, with attack vector being Local and attack complexity Low (Red Hat).

The vulnerability can result in kernel crashes and system instability when the affected component interacts with slow-responding firmware. The issue leads to bad pointer usage and system crashes, causing significant operational disruption (Wiz).

The vulnerability has been resolved in the Linux kernel by making the wait_context a full part of the q_info struct rather than a stack variable. This ensures the context remains available after the wait loop completion (NVD).