Infinite Loop Vulnerability in Open vSwitch Affecting Linux Kernel
CVE-2025-21681

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 31 January 2025

Summary

In the Linux kernel, a vulnerability was identified in Open vSwitch related to the transmission of packets to unregistering network devices. When a device is being unregistered, the 'real_num_tx_queues' can drop to zero, potentially leading to an infinite loop in the skb_tx_hash function. This condition can occur even when the device reports a carrier status of OK, particularly with the net/dummy device, which does not implement necessary state changes during unregistration. Consequently, encountering this flaw could lock the core indefinitely, and the only recourse is to reboot the system. The vulnerability has been addressed by requiring checks on both the device's running status and carrier state, ensuring better handling during the unregistration process.

Affected Version(s)

Linux 644b3051b06ba465bc7401bfae9b14963cbc8c1c

Linux 066b86787fa3d97b7aefb5ac0a99a22dad2d15f8

Linux 066b86787fa3d97b7aefb5ac0a99a22dad2d15f8 < 82f433e8dd0629e16681edf6039d094b5518d8ed

References

https://git.kernel.org/stable/c/ea9e990356b7bee95440ba0e6...

https://git.kernel.org/stable/c/ea966b6698785fb9cd0fdb867...

https://git.kernel.org/stable/c/82f433e8dd0629e16681edf60...

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Dec 29, 2024