cve/published/2025/CVE-2025-21701.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n  DEBUG_LOCKS_WARN_ON(lock->magic != lock)\n  WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n  CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n  RIP: 0010:__mutex_lock+0xc8a/0x1120\n  Call Trace:\n   <TASK>\n   ethtool_check_max_channel+0x1ea/0x880\n   ethnl_set_channels+0x3c3/0xb10\n   ethnl_default_set_doit+0x306/0x650\n   genl_family_rcv_msg_doit+0x1e3/0x2c0\n   genl_rcv_msg+0x432/0x6f0\n   netlink_rcv_skb+0x13d/0x3b0\n   genl_rcv+0x28/0x40\n   netlink_unicast+0x42e/0x720\n   netlink_sendmsg+0x765/0xc20\n   __sys_sendto+0x3ac/0x420\n   __x64_sys_sendto+0xe0/0x1c0\n   do_syscall_64+0x95/0x180\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "net/ethtool/netlink.c"
                ],
                "versions": [
                   {
                      "version": "cfd719f04267108f5f5bf802b9d7de69e99a99f9",
                      "lessThan": "26bc6076798aa4dc83a07d0a386f9e57c94e8517",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
                      "lessThan": "b1cb37a31a482df3dd35a6ac166282dac47664f4",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
                      "lessThan": "2f29127e94ae9fdc7497331003d6860e9551cdf3",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
                      "lessThan": "b382ab9b885cbb665e0e70a727f101c981b4edf3",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
                      "lessThan": "4dc880245f9b529fa8f476b5553c799d2848b47b",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
                      "lessThan": "12e070eb6964b341b41677fd260af5a305316a1f",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "7c26da3be1e9843a15b5318f90db8a564479d2ac",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "net/ethtool/netlink.c"
                ],
                "versions": [
                   {
                      "version": "5.16",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "5.16",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.15.179",
                      "lessThanOrEqual": "5.15.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.1.129",
                      "lessThanOrEqual": "6.1.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.6.76",
                      "lessThanOrEqual": "6.6.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.12.13",
                      "lessThanOrEqual": "6.12.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.13.2",
                      "lessThanOrEqual": "6.13.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.14",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.15.8",
                            "versionEndExcluding": "5.15.179"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.16",
                            "versionEndExcluding": "6.1.129"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.16",
                            "versionEndExcluding": "6.6.76"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.16",
                            "versionEndExcluding": "6.12.13"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.16",
                            "versionEndExcluding": "6.13.2"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.16",
                            "versionEndExcluding": "6.14"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.10.87"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517"
             },
             {
                "url": "https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4"
             },
             {
                "url": "https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3"
             },
             {
                "url": "https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3"
             },
             {
                "url": "https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b"
             },
             {
                "url": "https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f"
             }
          ],
          "title": "net: avoid race between device unregistration and ethnl ops",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2025-21701",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock->magic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n <TASK>\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"net/ethtool/netlink.c"
	],
	"versions": [
	{
	"version": "cfd719f04267108f5f5bf802b9d7de69e99a99f9",
	"lessThan": "26bc6076798aa4dc83a07d0a386f9e57c94e8517",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
	"lessThan": "b1cb37a31a482df3dd35a6ac166282dac47664f4",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
	"lessThan": "2f29127e94ae9fdc7497331003d6860e9551cdf3",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
	"lessThan": "b382ab9b885cbb665e0e70a727f101c981b4edf3",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
	"lessThan": "4dc880245f9b529fa8f476b5553c799d2848b47b",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
	"lessThan": "12e070eb6964b341b41677fd260af5a305316a1f",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "7c26da3be1e9843a15b5318f90db8a564479d2ac",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"net/ethtool/netlink.c"
	],
	"versions": [
	{
	"version": "5.16",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "5.16",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.15.179",
	"lessThanOrEqual": "5.15.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.1.129",
	"lessThanOrEqual": "6.1.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.6.76",
	"lessThanOrEqual": "6.6.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.12.13",
	"lessThanOrEqual": "6.12.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.13.2",
	"lessThanOrEqual": "6.13.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.14",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.15.8",
	"versionEndExcluding": "5.15.179"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.16",
	"versionEndExcluding": "6.1.129"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.16",
	"versionEndExcluding": "6.6.76"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.16",
	"versionEndExcluding": "6.12.13"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.16",
	"versionEndExcluding": "6.13.2"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.16",
	"versionEndExcluding": "6.14"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.10.87"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517"
	},
	{
	"url": "https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4"
	},
	{
	"url": "https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3"
	},
	{
	"url": "https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3"
	},
	{
	"url": "https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b"
	},
	{
	"url": "https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f"
	}
	],
	"title": "net: avoid race between device unregistration and ethnl ops",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2025-21701",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}