CVE-2025-21901

Summary

In the Linux kernel, the following vulnerability has been resolved:

RDMA/bnxt_re: Add sanity checks on rdev validity

There is a possibility that ulp_irq_stop and ulp_irq_start callbacks will be called when the device is in detached state. This can cause a crash due to NULL pointer dereference as the rdev is already freed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcc5b9b48d44756a87170f3901c6c2fd99e6b89b2 < aed1bc673907e3df372b317c10ff2f3582f8bf1aaffected
LinuxLinuxcc5b9b48d44756a87170f3901c6c2fd99e6b89b2 < 8cb0eef46d70a99c88c26a1addb7fd955242e0e6affected
LinuxLinuxcc5b9b48d44756a87170f3901c6c2fd99e6b89b2 < f0df225d12fcb049429fb5bf5122afe143c2dd15affected
LinuxLinux6.12affected
LinuxLinux0 < 6.12unaffected
LinuxLinux6.12.18 <= 6.12.*unaffected
LinuxLinux6.13.6 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References