CVE-2025-37917: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37917 is a vulnerability discovered in the Linux kernel's MTK Star EMAC network driver, specifically affecting the mtk-star-emac driver component. The vulnerability was published on May 20, 2025, and involves spinlock recursion issues that can occur during rx/tx polling operations (NVD Database, Wiz Report).

The vulnerability stems from improper use of spinlock mechanisms in the MTK Star EMAC driver. The issue occurs when using spinlock and spinunlock in the driver instead of spinlockirqsave and spinunlockirqrestore, which can lead to spinlock recursion when re-enabling DMA interrupts during rx/tx polling operations. The issue manifests as a CPU spinlock recursion bug that can trigger system instability (NVD Database, Wiz Report).

When triggered, this vulnerability can cause system instability and potential denial of service conditions on affected Linux systems using the MTK Star EMAC network driver. The issue specifically affects CPU operations and can lead to unexpected system behavior or crashes (Wiz Report).

The vulnerability has been resolved by replacing the use of spinlock and spinunlock with spinlockirqsave and spinunlockirqrestore in the mtk-star-emac driver. This change prevents the spinlock recursion from occurring when re-enabling DMA interrupts during rx/tx polling operations. For the Debian stable distribution (bookworm), these problems have been fixed in version 6.1.140-1 (Debian Security, Wiz Report).