Linux · Linux Kernel · CVE-2025-21720
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
A vulnerability in the Linux kernel has been identified, related to the handling of packets in hardware offload mode. When IP forwarding is enabled, an intermediate secpath entry is not removed, causing packets to be reentered into the driver TX path with xfrm offload set. This can lead to a kernel panic, as observed in the mlx5 driver. The issue is related to the `xfrm` and `mlx5e ipsec handle tx skb` function.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.