PT-2025-14355 · Linux+5 · Linux Kernel+5

Published 2025-03-09 · Updated 2026-01-20 · CVE-2025-21974

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.14.0-rc2+

Description

A vulnerability in the Linux kernel related to the bnxt_queue_mem_alloc() function has been resolved. This function is called to allocate new queue memory when a queue is restarted, and it internally accesses the rx buffer descriptor corresponding to the queue index. The rx buffer descriptor is freed when the interface is down, so restarting a queue while the interface is down causes a kernel panic.

Recommendations

For Linux kernel versions prior to 6.14.0-rc2+, update to a version that includes the fix for this issue to prevent the kernel panic when a queue is restarted while the interface is down. As a temporary workaround, consider disabling the queue restart functionality when the interface is down to minimize the risk of exploitation.

Related Identifiers

BDU:2025-12112
CVE-2025-21974
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu