PT-2025-8800 · Linux+2 · Linux Kernel+2
Published
2025-01-27
·
Updated
2025-06-16
·
CVE-2025-21717
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel has been resolved. The issue is related to the
kvzalloc node function not performing a runtime check on the node argument, which can lead to out-of-bounds access and panic when performing certain ethtool or netlink operations on a CPU with an ID larger than MAX NUMNODES. The vulnerability can be triggered by calling mlx5e open on a CPU that's larger than MAX NUMNODES, resulting in a page fault and kernel panic.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Out of bounds Read
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Suse