PT-2026-2527 · Bnx2X+7
Published: 2025-12-08 · Updated: 2026-05-11 · CVE-2025-68795
CVSS v2.0: 5.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The ethtool utility, specifically the -S command, is susceptible to a buffer overflow when querying device statistics. The number of statistics can change between the separate calls that determine the buffer size, fetch the string names, and fetch the actual values. Certain drivers, such as mlx5, bnx2x, bna, and ksz884x, use dynamic counters, which increases the likelihood of this issue. Some drivers attempt to handle this internally, but they rely on potentially outdated information. The overflow results from a mismatch between the userspace buffer size and the actual number of statistics returned. The fix prevents the overflow by not returning any data when a mismatch is detected, resulting in either no output or zeroed statistics, which is considered more predictable than incorrect data. The patch addresses the buffer overflow but does not resolve the underlying race condition, which exists between separate ioctl calls when the RTNL lock is released. The code includes a check that stats.n_stats is not zero, to prevent regressions in userspace applications that may not populate this value.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
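The mismatch check from the Description, as an added userspace model in C (not the kernel patch and not code from this advisory). The struct, function names, buffer capacity, and counter values are constructed for illustration, and the model assumes that a mismatch leaves the caller's buffer untouched.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_STATS 8   /* capacity of the model buffers (constructed) */

/* Hypothetical request for this model: the count the caller sized its
 * buffer for (0 = caller never populated it) and the buffer itself. */
struct stats_req {
    uint32_t n_stats;
    uint64_t *data;
};

/* Copy-out decision as the description states it: copy only when the
 * caller's count is unset (legacy callers) or equals the driver's current
 * count. On a mismatch nothing is written. Returns values written. */
uint32_t stats_copy_out(struct stats_req *req, const uint64_t *drv, uint32_t drv_n)
{
    if (req->n_stats != 0 && req->n_stats != drv_n)
        return 0;
    memcpy(req->data, drv, (size_t)drv_n * sizeof(*drv));
    return drv_n;
}

/* Simulates the race: the caller sizes a zeroed buffer for `sized_for`
 * counters, then the driver holds `now` counters at copy time.
 * Returns values written; *first receives slot 0 of the caller's buffer. */
uint32_t simulate_query(uint32_t sized_for, uint32_t now, uint64_t *first)
{
    uint64_t drv[MAX_STATS] = {0}, buf[MAX_STATS] = {0};
    struct stats_req req = { .n_stats = sized_for, .data = buf };
    uint32_t i, written;
    if (sized_for > MAX_STATS || now > MAX_STATS)
        return 0;
    for (i = 0; i < now; i++)
        drv[i] = 100 + i;   /* constructed counter values */
    written = stats_copy_out(&req, drv, now);
    *first = buf[0];
    return written;
}

int main(void)
{
    uint64_t v = 0;
    printf("stable 4->4: wrote %u\n", simulate_query(4, 4, &v));
    printf("grew   4->6: wrote %u\n", simulate_query(4, 6, &v));
    printf("legacy 0->5: wrote %u\n", simulate_query(0, 5, &v));
    return 0;
}
```

In the "grew" case a copy without the check would write six values into a buffer sized for four; with the check the caller sees zeroed statistics instead.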
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu
Bna
Bnx2X
Ethtool
Ksz884X
Mlx5