CVE-2025-37911: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37911 is a vulnerability discovered in the Linux kernel's bnxt_en driver, specifically affecting the firmware coredump retrieval functionality using ethtool. The vulnerability was identified and disclosed in May 2025, impacting systems running the Linux kernel (Wiz Report, NVD).

The vulnerability occurs in the bnxt_hwrm_dbg_dma_data() function when handling the HWRM_DBG_COREDUMP_LIST firmware command. The issue arises when the info->dest_buf buffer is allocated based on the number of coredump segments returned by the firmware. In certain cases, the DMA length returned by the firmware may exceed the info->dest_buf length, leading to memory corruption. This was detected through KFENCE showing corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] (NVD).

The vulnerability results in memory corruption within the Linux kernel when attempting to retrieve firmware coredump using ethtool. This can potentially cause system instability or crashes, affecting the overall system reliability (Wiz Report).

The vulnerability has been addressed by implementing a cap on the copy length to ensure it does not exceed the length of info->dest_buf. The code path shared between HWRM_DBG_COREDUMP_LIST and HWRM_DBG_COREDUMP_RETRIEVE firmware commands has been simplified by adjusting the buffer length handling. For the Debian stable distribution (bookworm), these issues have been fixed in version 6.1.140-1 (Debian Security).