CVE-2025-21806

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.13.0-rc7+

Description A problem was encountered during stability testing in the Linux kernel, where the NAPI poll function process backlog() returned 1, exceeding its budget of 0, when net.core.dev weight was set to 0. This caused a double add issue in the list, resulting in a warning. The issue occurs when the napi's weight is set to 0, allowing process backlog() to return 0 and clear the NAPI STATE SCHED bit of napi->state, causing the napi to be re-polled until do softirq() times out. Making the napi's weight always non-zero solves this problem. Triggering this issue requires system-wide admin privileges.

Recommendations For Linux kernel versions prior to 6.13.0-rc7+, as a temporary workaround, consider setting net.core.dev weight to a non-zero value to prevent the issue. To resolve the issue, update the Linux kernel to a version where this problem has been fixed, ensuring that net.core.dev weight is always non-zero.