CVE-2025-21808
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: xdp: Disallow attaching device-bound programs in generic mode
Device-bound programs are used to support RX metadata kfuncs. These kfuncs are driver-specific and rely on the driver context to read the metadata. This means they can't work in generic XDP mode. However, there is no check to disallow such programs from being attached in generic mode, in which case the metadata kfuncs will be called in an invalid context, leading to crashes.
Fix this by adding a check to disallow attaching device-bound programs in generic mode.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 2b3486bc2d237ec345b3942b7be5deabf8c8fed1 < b1bc4a35a04cbeb85b6ef5911ec015baa424989f | affected |
| Linux | Linux | 2b3486bc2d237ec345b3942b7be5deabf8c8fed1 < 557707906dd3e34b8a8c265f664d19f95799937e | affected |
| Linux | Linux | 2b3486bc2d237ec345b3942b7be5deabf8c8fed1 < 5a9eae683d6c36e8a7aa31e5eb8b369e41aa66e1 | affected |
| Linux | Linux | 2b3486bc2d237ec345b3942b7be5deabf8c8fed1 < 3595599fa8360bb3c7afa7ee50c810b4a64106ea | affected |
| Linux | Linux | 6.3 | affected |
| Linux | Linux | 0 < 6.3 | unaffected |
| Linux | Linux | 6.6.76 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.13 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.2 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/b1bc4a35a04cbeb85b6ef5911ec015baa424989f
- https://git.kernel.org/stable/c/557707906dd3e34b8a8c265f664d19f95799937e
- https://git.kernel.org/stable/c/5a9eae683d6c36e8a7aa31e5eb8b369e41aa66e1
- https://git.kernel.org/stable/c/3595599fa8360bb3c7afa7ee50c810b4a64106ea
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.