PT-2025-14302 · Linux+2 · Linux Kernel+2

Published: 2025-03-01 · Updated: 2026-01-20 · CVE-2025-21921

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel related to the ethtool netlink command has been resolved. The issue occurs when the ethnl_req_get_phydev() function is used to look up a PHY device and the header parameter is NULL, causing a crash. This happens in the notify path after a ->set operation, where no request attributes are available. The vulnerability is triggered when the tb array is NULL, as in the ethnl notify path, and affects only the PLCA command.

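
The failure pattern described above, as an added userspace C model (not kernel code and not taken from this advisory): a caller indexes the attribute array before any NULL check can run, shown next to one way to harden it by checking the array inside the helper. All type and function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for kernel types; every name here is hypothetical. */
struct attr { int phy_index; };              /* models a parsed netlink attribute */
struct phydev { int index; };
enum { A_HEADER = 1, A_MAX };                /* models a per-command header slot */

static struct phydev default_phy = { 0 };        /* the device's own PHY */
static struct phydev topo_phys[] = { {1}, {2} }; /* PHYs addressable by index */

/* Helper that takes the header attribute itself and resolves a PHY from it. */
static struct phydev *get_phydev_by_header(const struct attr *header)
{
    if (!header)
        return &default_phy;
    for (size_t i = 0; i < sizeof(topo_phys) / sizeof(topo_phys[0]); i++)
        if (topo_phys[i].index == header->phy_index)
            return &topo_phys[i];
    return NULL; /* no PHY with that index */
}

/* Fragile callsite: tb is indexed before the helper can check anything.
 * With tb == NULL (the notify path) this is a NULL pointer dereference. */
static struct phydev *lookup_fragile(const struct attr **tb)
{
    return get_phydev_by_header(tb[A_HEADER]);
}

/* Hardened helper: receives the array and the slot separately and
 * NULL-checks the array itself before indexing it. */
static struct phydev *lookup_hardened(const struct attr **tb, unsigned int slot)
{
    if (!tb)
        return &default_phy; /* notify path: no request attributes */
    return get_phydev_by_header(tb[slot]);
}

int main(void)
{
    struct attr hdr = { 2 };
    const struct attr *tb[A_MAX] = { NULL, &hdr };

    printf("request path: phy %d\n", lookup_hardened(tb, A_HEADER)->index);
    printf("notify path:  phy %d\n", lookup_hardened(NULL, A_HEADER)->index);
    (void)lookup_fragile; /* not called with NULL here: it would crash */
    return 0;
}
```
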
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-04086
CVE-2025-21921

Affected Products

Astra Linux
Linux Kernel
Red Os