PT-2025-16729 · Linux+7 · Linux Kernel+7
Published
2025-03-03
·
Updated
2026-04-20
·
CVE-2025-22089
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel has been resolved, related to the RDMA/core component. The issue was caused by the exposure of hw counters outside of the init net namespace, which could lead to a crash. The problem occurred because of incorrect casting of the device pointer into an ib device pointer using container of() in hw stat device show(), resulting in memory corruption. The fix involves saving the index of the corresponding attribute group and zeroing the pointer to hw counters group for compat devices during initialization.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the RDMA/core component. As a temporary workaround, consider restricting access to the hw counters attributes in non-init net namespaces to minimize the risk of exploitation.
Exploit
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu