| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: let net.core.dev_weight always be non-zero\n\nThe following problem was encountered during stability test:\n\n(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \\\n\treturned 1, exceeding its budget of 0.\n------------[ cut here ]------------\nlist_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \\\n\tnext=ffff88905f746e40.\nWARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \\\n\t__list_add_valid_or_report+0xf3/0x130\nCPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+\nRIP: 0010:__list_add_valid_or_report+0xf3/0x130\nCall Trace:\n? __warn+0xcd/0x250\n? __list_add_valid_or_report+0xf3/0x130\nenqueue_to_backlog+0x923/0x1070\nnetif_rx_internal+0x92/0x2b0\n__netif_rx+0x15/0x170\nloopback_xmit+0x2ef/0x450\ndev_hard_start_xmit+0x103/0x490\n__dev_queue_xmit+0xeac/0x1950\nip_finish_output2+0x6cc/0x1620\nip_output+0x161/0x270\nip_push_pending_frames+0x155/0x1a0\nraw_sendmsg+0xe13/0x1550\n__sys_sendto+0x3bf/0x4e0\n__x64_sys_sendto+0xdc/0x1b0\ndo_syscall_64+0x5b/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reproduction command is as follows:\n sysctl -w net.core.dev_weight=0\n ping 127.0.0.1\n\nThis is because when the napi's weight is set to 0, process_backlog() may\nreturn 0 and clear the NAPI_STATE_SCHED bit of napi->state, causing this\nnapi to be re-polled in net_rx_action() until __do_softirq() times out.\nSince the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can\nbe retriggered in enqueue_to_backlog(), causing this issue.\n\nMaking the napi's weight always non-zero solves this problem.\n\nTriggering this issue requires system-wide admin (setting is\nnot namespaced)." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/core/sysctl_net_core.c" |
| ], |
| "versions": [ |
| { |
| "version": "e3876605450979fe52a1a03e7eb78a89bf59e76a", |
| "lessThan": "d0e0f9c8218826926d7692980c98236d9f21fd3c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e3876605450979fe52a1a03e7eb78a89bf59e76a", |
| "lessThan": "c337c08819a4ec49edfdcd8fc46fbee120d8a5b2", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e3876605450979fe52a1a03e7eb78a89bf59e76a", |
| "lessThan": "0e2f1d93d287d544d26f8ff293ea820a8079b9f8", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e3876605450979fe52a1a03e7eb78a89bf59e76a", |
| "lessThan": "5860abbf15eeb61838b5e32e721ba67b0aa84450", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e3876605450979fe52a1a03e7eb78a89bf59e76a", |
| "lessThan": "6ce38b5a6a49e65bad163162a54cb3f104c40b48", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e3876605450979fe52a1a03e7eb78a89bf59e76a", |
| "lessThan": "33e2168788f8fb5cb8bd4f36cb1ef37d1d34dada", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e3876605450979fe52a1a03e7eb78a89bf59e76a", |
| "lessThan": "1489824e5226a26841c70639ebd2d1aed390764b", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e3876605450979fe52a1a03e7eb78a89bf59e76a", |
| "lessThan": "d1f9f79fa2af8e3b45cffdeef66e05833480148a", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/core/sysctl_net_core.c" |
| ], |
| "versions": [ |
| { |
| "version": "2.6.12", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "2.6.12", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.291", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.235", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.179", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.129", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.76", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.13", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.13.2", |
| "lessThanOrEqual": "6.13.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.14", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.12", |
| "versionEndExcluding": "5.4.291" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.12", |
| "versionEndExcluding": "5.10.235" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.12", |
| "versionEndExcluding": "5.15.179" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.12", |
| "versionEndExcluding": "6.1.129" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.12", |
| "versionEndExcluding": "6.6.76" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.12", |
| "versionEndExcluding": "6.12.13" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.12", |
| "versionEndExcluding": "6.13.2" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.12", |
| "versionEndExcluding": "6.14" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/d0e0f9c8218826926d7692980c98236d9f21fd3c" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/c337c08819a4ec49edfdcd8fc46fbee120d8a5b2" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/0e2f1d93d287d544d26f8ff293ea820a8079b9f8" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/5860abbf15eeb61838b5e32e721ba67b0aa84450" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/6ce38b5a6a49e65bad163162a54cb3f104c40b48" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/33e2168788f8fb5cb8bd4f36cb1ef37d1d34dada" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/1489824e5226a26841c70639ebd2d1aed390764b" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/d1f9f79fa2af8e3b45cffdeef66e05833480148a" |
| } |
| ], |
| "title": "net: let net.core.dev_weight always be non-zero", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2025-21806", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
