PT-2025-14354 · Linux+5 · Linux Kernel+5

Published: 2025-03-09 · Updated: 2026-01-20 · CVE-2025-21973

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.14.0-rc4+

Description

A vulnerability in the Linux kernel that caused a kernel panic in the bnxt_get_queue_stats{rx | tx} function has been resolved. The panic occurred when the qstats-get operation was executed while the interface was down: the function accessed the cp ring and tx ring without a null check. The issue can be reproduced by setting the interface down and executing the qstats-get operation.

Recommendations

For Linux kernel versions prior to 6.14.0-rc4+, update to a newer version to resolve the issue. As a temporary workaround, consider avoiding the qstats-get operation when the interface is down to prevent the kernel panic.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-12183
CVE-2025-21973
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu