CVE-2025-21717
- Source
- https://cve.org/CVERecord?id=CVE-2025-21717
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21717.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-21717
- Downstream
- Related
- Published
- 2025-02-27T02:07:27.369Z
- Modified
- 2026-04-02T12:45:11.927942Z
- Summary
- net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: add missing cputonode to kvzallocnode in mlx5eopenxdpredirectsq
kvzallocnode is not doing a runtime check on the node argument (allocpagesnodenoprof does have a VMBUGON, but it expands to nothing on !CONFIGDEBUGVM builds), so doing any ethtool/netlink operation that calls mlx5eopen on a CPU that's larger that MAXNUMNODES triggers OOB access and panic (see the trace below).
Add missing cputonode call to convert cpu id to node id.
[ 165.427394] mlx5core 0000:5c:00.0 beth1: Link up [ 166.479327] BUG: unable to handle page fault for address: 0000000800000010 [ 166.494592] #PF: supervisor read access in kernel mode [ 166.505995] #PF: errorcode(0x0000) - not-present page ... [ 166.816958] Call Trace: [ 166.822380] <TASK> [ 166.827034] ? __diebody+0x64/0xb0 [ 166.834774] ? pagefaultoops+0x2cd/0x3f0 [ 166.843862] ? excpagefault+0x63/0x130 [ 166.852564] ? asmexcpagefault+0x22/0x30 [ 166.861843] ? __kvmallocnodenoprof+0x43/0xd0 [ 166.871897] ? getpartialnode+0x1c/0x320 [ 166.880983] ? deactivate_slab+0x269/0x2b0 [ 166.890069] ___slab_alloc+0x521/0xa90 [ 166.898389] ? __kvmallocnodenoprof+0x43/0xd0 [ 166.908442] __kmallocnodenoprof+0x216/0x3f0 [ 166.918302] ? __kvmallocnodenoprof+0x43/0xd0 [ 166.928354] __kvmallocnodenoprof+0x43/0xd0 [ 166.938021] mlx5eopenchannels+0x5e2/0xc00 [ 166.947496] mlx5eopenlocked+0x3e/0xf0 [ 166.956201] mlx5e_open+0x23/0x50 [ 166.963551] __dev_open+0x114/0x1c0 [ 166.971292] __devchangeflags+0xa2/0x1b0 [ 166.980378] devchangeflags+0x21/0x60 [ 166.988887] dosetlink+0x38d/0xf20 [ 166.996628] ? eppoll_callback+0x1b9/0x240 [ 167.005910] ? __nlavalidateparse.llvm.10713395753544950386+0x80/0xd70 [ 167.020782] ? __wakeupsync_key+0x52/0x80 [ 167.030066] ? __mutexlock+0xff/0x550 [ 167.038382] ? securitycapable+0x50/0x90 [ 167.047279] rtnlsetlink+0x1c9/0x210 [ 167.055403] ? eppollcallback+0x1b9/0x240 [ 167.064684] ? securitycapable+0x50/0x90 [ 167.073579] rtnetlinkrcvmsg+0x2f9/0x310 [ 167.082667] ? rtnetlinkbind+0x30/0x30 [ 167.091173] netlinkrcvskb+0xb1/0xe0 [ 167.099492] netlinkunicast+0x20f/0x2e0 [ 167.108191] netlink_sendmsg+0x389/0x420 [ 167.116896] __sys_sendto+0x158/0x1c0 [ 167.125024] __x64syssendto+0x22/0x30 [ 167.133534] dosyscall64+0x63/0x130 [ 167.141657] ? __irqexitrcu.llvm.17843942359718260576+0x52/0xd0 [ 167.155181] entrySYSCALL64afterhwframe+0x4b/0x53
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21717.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/979284535aaf12a287a2f43d9d5dfcbdc1dc4cac
- https://git.kernel.org/stable/c/a275db45b4161d01716559dd7557db9ea0450952
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21717.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-21717
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git