Kernel Vulnerability in Linux Affecting mlx5 Network Drivers
CVE-2025-21720

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 27 February 2025

Summary

A vulnerability in the Linux kernel's xfrm handling, specifically in packet offload mode, results in improper secpath management during IP packet forwarding. When IP forwarding is enabled, packets that have already been processed can be incorrectly reintroduced into the driver TX path. This triggers a NULL pointer dereference and a kernel panic, as shown by failure logs from the mlx5 network driver. The fault is severe: it disrupts normal operations and can impact system stability.

Affected Version(s)

Linux 5958372ddf628fe6f4c3e49425734ad32fcfb13c

Linux 5958372ddf628fe6f4c3e49425734ad32fcfb13c < 6945701ca1572f81bc9bb46f624b02eabb3eaf3e

Linux 5958372ddf628fe6f4c3e49425734ad32fcfb13c < 981ad4c882096e7375b8c2181dd4c3ee58ea5bae

Timeline

  • Vulnerability published

  • Vulnerability Reserved
