Kernel Vulnerability in the Linux Kernel Affecting Multiple Network Components
CVE-2025-21675

5.5 MEDIUM

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 31 January 2025

Summary

A vulnerability in the Linux kernel's mlx5 network components allows a NULL pointer dereference, potentially leading to system crashes. If the port selection structure fails to initialize correctly, the lag definers are destroyed twice. This leaves stale values in the system, triggering a kernel crash and unstable behavior in network operations. Proper error handling and port state management are crucial to mitigate these issues.

Affected Version(s)

Linux dc48516ec7d369c6b80bf9f14d774287b6c428aa

Linux dc48516ec7d369c6b80bf9f14d774287b6c428aa < 473bc285378f49aa27e5b3e95a6d5ed12995d654

Linux dc48516ec7d369c6b80bf9f14d774287b6c428aa < 1f6e619ef2a4def555b14ac2aeb4304bfccad59b

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
