Linux Kernel Vulnerability in BNXT Driver Reconfiguration Process
CVE-2025-21682

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 31 January 2025

Summary

A vulnerability exists in the Linux kernel's BNXT driver where a null pointer dereference can occur during the reconfiguration of network device features when the eXpress Data Path (XDP) is detached. This issue arises when there is a failure to re-enable hardware offloading features correctly after detaching XDP, leading to unpredictable states in the driver. Specifically, the driver does not manage simultaneous configuration changes robustly, resulting in potential crashes due to access attempts to freed memory. The problem is rooted in the changes introduced with the XDP feature and affects systems utilizing this driver.

Affected Version(s)

Linux 1054aee82321483dceabbb9b9e5d6512e8fe684b < 08831a894d18abfaabb5bbde7c2069a7fb41dd93

Linux 1054aee82321483dceabbb9b9e5d6512e8fe684b

Linux 4.16

References

https://git.kernel.org/stable/c/08831a894d18abfaabb5bbde7...

https://git.kernel.org/stable/c/f0aa6a37a3dbb40b272df5fc6...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Dec 29, 2024