Linux Kernel Vulnerability in Mellanox Ethernet Drivers
CVE-2025-21800

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 27 February 2025

Summary

A vulnerability exists in the Linux kernel's Mellanox Ethernet drivers, specifically in the HWS_SET32 macro. The issue is triggered when a negative bit offset is used, leading to a shift-out-of-bounds condition reported by the Undefined Behavior Sanitizer (UBSAN). This flaw arises from incorrect handling of offsets, which can potentially breach memory boundaries, thereby causing system instability or data corruption. Prompt attention and remediation of this vulnerability are critical for maintaining robust and secure networking operations.
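The class of bug described above, as an added example that is not the kernel's HWS_SET32 code: a field writer that rejects the shift counts UBSAN reports and normalizes a negative bit offset before shifting. The helper names and the meaning given to a negative offset (the field's low bits spill into the next dword) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BITS_IN_DW 32

/* Hypothetical helper, not the kernel's HWS_SET32: write (v & mask) into *dw
 * at bit_off. Refuses the shift counts UBSAN flags as shift-out-of-bounds. */
static int field_set32_checked(uint32_t *dw, uint32_t v, int bit_off, uint32_t mask)
{
    if (bit_off < 0 || bit_off >= BITS_IN_DW)
        return -1; /* shifting a 32-bit value by this count is undefined */
    *dw = (*dw & ~(mask << bit_off)) | ((v & mask) << bit_off);
    return 0;
}

/* C's % keeps the sign of the dividend (-4 % 32 == -4), so a negative offset
 * must be biased before it is reduced into the range 0..31. */
static int wrap_bit_off(int bit_off)
{
    return ((bit_off % BITS_IN_DW) + BITS_IN_DW) % BITS_IN_DW;
}

/* Assumed convention: bit_off == -n means the field's n low bits spill into
 * the top of the next dword; the remaining high bits start at bit 0 of dw[0]. */
static int field_set32_split(uint32_t dw[2], uint32_t v, int bit_off, uint32_t mask)
{
    if (bit_off >= 0)
        return field_set32_checked(&dw[0], v, bit_off, mask);
    if (bit_off <= -BITS_IN_DW)
        return -1; /* also keeps the negation below from overflowing */
    unsigned int n = (unsigned int)(-bit_off);
    uint32_t low_mask = mask & ((1u << n) - 1u);
    if (field_set32_checked(&dw[0], v >> n, 0, mask >> n) != 0)
        return -1;
    return field_set32_checked(&dw[1], v & low_mask, wrap_bit_off(bit_off), low_mask);
}

int main(void)
{
    uint32_t dw[2] = {0, 0}; /* constructed sample buffer */
    int rc = field_set32_split(dw, 0xABC, -4, 0xFFF);
    printf("rc=%d dw0=0x%08x dw1=0x%08x\n", rc, (unsigned)dw[0], (unsigned)dw[1]);
    return 0;
}
```

Building with `-fsanitize=shift` (GCC or Clang) reports any remaining out-of-range shift at run time, which is the user-space counterpart of the UBSAN report mentioned in the summary.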

Affected Version(s)

Linux 74a778b4a63faef9ff02aad0d332b209835f93e1 < 92cff996624c4757d5bbace3dfa3f1567ba94143

Linux 74a778b4a63faef9ff02aad0d332b209835f93e1 < 69c676c0ded472713e6d1b3a456b3c4f52f66f0e

Linux 74a778b4a63faef9ff02aad0d332b209835f93e1

Timeline

  • Vulnerability published

  • Vulnerability Reserved
