PT-2025-4356 · Linux+6 · Linux Kernel+6

Published

2025-01-15

·

Updated

2025-10-03

·

CVE-2025-21675

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions up to 6.1.126/6.6.73/6.12.10
Description The vulnerability is related to a null pointer dereference in the mlx5 lag destroy definers() function of the Linux kernel's mlx5 driver. This issue can cause a kernel crash when the mlx5 lag port sel create() function fails to create a port select structure, leading to a double destruction of lag definers. The vulnerability can be exploited to cause a denial of service.
Recommendations To resolve this issue, update the Linux kernel to a version later than 6.1.126/6.6.73/6.12.10. As a temporary workaround, consider disabling the mlx5 lag destroy definers() function until a patch is available. Restrict access to the vulnerable module mlx5 core to minimize the risk of exploitation. Avoid using the mlx5 lag port sel create() function in the affected API endpoint until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-3467
ALT-PU-2025-3500
AZL-56390
BDU:2025-01476
CVE-2025-21675
DLA-4076-1
DSA-5860-1
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
OPENSUSE-SU-2025_0847-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0564-1
SUSE-SU-2025:0847-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
SUSE-SU-2025_0847-1
USN-7445-1
USN-7448-1
USN-7595-1
USN-7595-2
USN-7595-3
USN-7595-4
USN-7595-5
USN-7596-1
USN-7596-2
USN-7653-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu