cve/published/2025/CVE-2025-21717.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq\n\nkvzalloc_node is not doing a runtime check on the node argument\n(__alloc_pages_node_noprof does have a VM_BUG_ON, but it expands to\nnothing on !CONFIG_DEBUG_VM builds), so doing any ethtool/netlink\noperation that calls mlx5e_open on a CPU that's larger that MAX_NUMNODES\ntriggers OOB access and panic (see the trace below).\n\nAdd missing cpu_to_node call to convert cpu id to node id.\n\n[  165.427394] mlx5_core 0000:5c:00.0 beth1: Link up\n[  166.479327] BUG: unable to handle page fault for address: 0000000800000010\n[  166.494592] #PF: supervisor read access in kernel mode\n[  166.505995] #PF: error_code(0x0000) - not-present page\n...\n[  166.816958] Call Trace:\n[  166.822380]  <TASK>\n[  166.827034]  ? __die_body+0x64/0xb0\n[  166.834774]  ? page_fault_oops+0x2cd/0x3f0\n[  166.843862]  ? exc_page_fault+0x63/0x130\n[  166.852564]  ? asm_exc_page_fault+0x22/0x30\n[  166.861843]  ? __kvmalloc_node_noprof+0x43/0xd0\n[  166.871897]  ? get_partial_node+0x1c/0x320\n[  166.880983]  ? deactivate_slab+0x269/0x2b0\n[  166.890069]  ___slab_alloc+0x521/0xa90\n[  166.898389]  ? __kvmalloc_node_noprof+0x43/0xd0\n[  166.908442]  __kmalloc_node_noprof+0x216/0x3f0\n[  166.918302]  ? __kvmalloc_node_noprof+0x43/0xd0\n[  166.928354]  __kvmalloc_node_noprof+0x43/0xd0\n[  166.938021]  mlx5e_open_channels+0x5e2/0xc00\n[  166.947496]  mlx5e_open_locked+0x3e/0xf0\n[  166.956201]  mlx5e_open+0x23/0x50\n[  166.963551]  __dev_open+0x114/0x1c0\n[  166.971292]  __dev_change_flags+0xa2/0x1b0\n[  166.980378]  dev_change_flags+0x21/0x60\n[  166.988887]  do_setlink+0x38d/0xf20\n[  166.996628]  ? ep_poll_callback+0x1b9/0x240\n[  167.005910]  ? __nla_validate_parse.llvm.10713395753544950386+0x80/0xd70\n[  167.020782]  ? __wake_up_sync_key+0x52/0x80\n[  167.030066]  ? __mutex_lock+0xff/0x550\n[  167.038382]  ? security_capable+0x50/0x90\n[  167.047279]  rtnl_setlink+0x1c9/0x210\n[  167.055403]  ? ep_poll_callback+0x1b9/0x240\n[  167.064684]  ? security_capable+0x50/0x90\n[  167.073579]  rtnetlink_rcv_msg+0x2f9/0x310\n[  167.082667]  ? rtnetlink_bind+0x30/0x30\n[  167.091173]  netlink_rcv_skb+0xb1/0xe0\n[  167.099492]  netlink_unicast+0x20f/0x2e0\n[  167.108191]  netlink_sendmsg+0x389/0x420\n[  167.116896]  __sys_sendto+0x158/0x1c0\n[  167.125024]  __x64_sys_sendto+0x22/0x30\n[  167.133534]  do_syscall_64+0x63/0x130\n[  167.141657]  ? __irq_exit_rcu.llvm.17843942359718260576+0x52/0xd0\n[  167.155181]  entry_SYSCALL_64_after_hwframe+0x4b/0x53"
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
                ],
                "versions": [
                   {
                      "version": "bb135e40129ddd254cfb474b58981313be79a631",
                      "lessThan": "a275db45b4161d01716559dd7557db9ea0450952",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "bb135e40129ddd254cfb474b58981313be79a631",
                      "lessThan": "979284535aaf12a287a2f43d9d5dfcbdc1dc4cac",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
                ],
                "versions": [
                   {
                      "version": "6.13",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "6.13",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.13.2",
                      "lessThanOrEqual": "6.13.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.14",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.13",
                            "versionEndExcluding": "6.13.2"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.13",
                            "versionEndExcluding": "6.14"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/a275db45b4161d01716559dd7557db9ea0450952"
             },
             {
                "url": "https://git.kernel.org/stable/c/979284535aaf12a287a2f43d9d5dfcbdc1dc4cac"
             }
          ],
          "title": "net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2025-21717",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq\n\nkvzalloc_node is not doing a runtime check on the node argument\n(__alloc_pages_node_noprof does have a VM_BUG_ON, but it expands to\nnothing on !CONFIG_DEBUG_VM builds), so doing any ethtool/netlink\noperation that calls mlx5e_open on a CPU that's larger that MAX_NUMNODES\ntriggers OOB access and panic (see the trace below).\n\nAdd missing cpu_to_node call to convert cpu id to node id.\n\n[ 165.427394] mlx5_core 0000:5c:00.0 beth1: Link up\n[ 166.479327] BUG: unable to handle page fault for address: 0000000800000010\n[ 166.494592] #PF: supervisor read access in kernel mode\n[ 166.505995] #PF: error_code(0x0000) - not-present page\n...\n[ 166.816958] Call Trace:\n[ 166.822380] <TASK>\n[ 166.827034] ? __die_body+0x64/0xb0\n[ 166.834774] ? page_fault_oops+0x2cd/0x3f0\n[ 166.843862] ? exc_page_fault+0x63/0x130\n[ 166.852564] ? asm_exc_page_fault+0x22/0x30\n[ 166.861843] ? __kvmalloc_node_noprof+0x43/0xd0\n[ 166.871897] ? get_partial_node+0x1c/0x320\n[ 166.880983] ? deactivate_slab+0x269/0x2b0\n[ 166.890069] ___slab_alloc+0x521/0xa90\n[ 166.898389] ? __kvmalloc_node_noprof+0x43/0xd0\n[ 166.908442] __kmalloc_node_noprof+0x216/0x3f0\n[ 166.918302] ? __kvmalloc_node_noprof+0x43/0xd0\n[ 166.928354] __kvmalloc_node_noprof+0x43/0xd0\n[ 166.938021] mlx5e_open_channels+0x5e2/0xc00\n[ 166.947496] mlx5e_open_locked+0x3e/0xf0\n[ 166.956201] mlx5e_open+0x23/0x50\n[ 166.963551] __dev_open+0x114/0x1c0\n[ 166.971292] __dev_change_flags+0xa2/0x1b0\n[ 166.980378] dev_change_flags+0x21/0x60\n[ 166.988887] do_setlink+0x38d/0xf20\n[ 166.996628] ? ep_poll_callback+0x1b9/0x240\n[ 167.005910] ? __nla_validate_parse.llvm.10713395753544950386+0x80/0xd70\n[ 167.020782] ? __wake_up_sync_key+0x52/0x80\n[ 167.030066] ? __mutex_lock+0xff/0x550\n[ 167.038382] ? security_capable+0x50/0x90\n[ 167.047279] rtnl_setlink+0x1c9/0x210\n[ 167.055403] ? ep_poll_callback+0x1b9/0x240\n[ 167.064684] ? security_capable+0x50/0x90\n[ 167.073579] rtnetlink_rcv_msg+0x2f9/0x310\n[ 167.082667] ? rtnetlink_bind+0x30/0x30\n[ 167.091173] netlink_rcv_skb+0xb1/0xe0\n[ 167.099492] netlink_unicast+0x20f/0x2e0\n[ 167.108191] netlink_sendmsg+0x389/0x420\n[ 167.116896] __sys_sendto+0x158/0x1c0\n[ 167.125024] __x64_sys_sendto+0x22/0x30\n[ 167.133534] do_syscall_64+0x63/0x130\n[ 167.141657] ? __irq_exit_rcu.llvm.17843942359718260576+0x52/0xd0\n[ 167.155181] entry_SYSCALL_64_after_hwframe+0x4b/0x53"
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
	],
	"versions": [
	{
	"version": "bb135e40129ddd254cfb474b58981313be79a631",
	"lessThan": "a275db45b4161d01716559dd7557db9ea0450952",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "bb135e40129ddd254cfb474b58981313be79a631",
	"lessThan": "979284535aaf12a287a2f43d9d5dfcbdc1dc4cac",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
	],
	"versions": [
	{
	"version": "6.13",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "6.13",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.13.2",
	"lessThanOrEqual": "6.13.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.14",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.13",
	"versionEndExcluding": "6.13.2"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.13",
	"versionEndExcluding": "6.14"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/a275db45b4161d01716559dd7557db9ea0450952"
	},
	{
	"url": "https://git.kernel.org/stable/c/979284535aaf12a287a2f43d9d5dfcbdc1dc4cac"
	}
	],
	"title": "net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2025-21717",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}