CVE-2025-21970

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description A crash in the Linux kernel can occur when removing a LAG device from a bridge. This happens because the mlx5 lag is shared fdb check returns false if one of the PFs is unloaded, causing mlx5 esw bridge lag rep get() and its caller to return NULL. As a result, the flush of offloaded entries is skipped, and the bridge fdb entry's lastuse is not updated, leading to the entry never being aged. The kernel bridge notifier then handles the SWITCHDEV FDB ADD TO BRIDGE event, causing a crash when accessing the already destroyed bond netdev.

Recommendations To fix this issue, remove the LAG state checks. The LAG state is already checked in the commit 15f8f168952f, and the driver still needs to skip offload if the LAG becomes invalid after initialization. At the moment, there is no information about a newer version that contains a fix for this vulnerability.