CVE-2025-71133
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: avoid invalid read in irdma_net_event
irdma_net_event() should not dereference anything from "neigh" (alias "ptr") until it has checked that the event is NETEVENT_NEIGH_UPDATE. Other events come with different structures pointed to by "ptr" and they may be smaller than struct neighbour.
Move the read of neigh->dev under the NETEVENT_NEIGH_UPDATE case.
The bug is mostly harmless, but it triggers KASAN on debug kernels:
BUG: KASAN: stack-out-of-bounds in irdma_net_event+0x32e/0x3b0 [irdma] Read of size 8 at addr ffffc900075e07f0 by task kworker/27:2/542554
CPU: 27 PID: 542554 Comm: kworker/27:2 Kdump: loaded Not tainted 5.14.0-630.el9.x86_64+debug #1 Hardware name: […] Workqueue: events rt6_probe_deferred Call Trace: <IRQ> dump_stack_lvl+0x60/0xb0 print_address_description.constprop.0+0x2c/0x3f0 print_report+0xb4/0x270 kasan_report+0x92/0xc0 irdma_net_event+0x32e/0x3b0 [irdma] notifier_call_chain+0x9e/0x180 atomic_notifier_call_chain+0x5c/0x110 rt6_do_redirect+0xb91/0x1080 tcp_v6_err+0xe9b/0x13e0 icmpv6_notify+0x2b2/0x630 ndisc_redirect_rcv+0x328/0x530 icmpv6_rcv+0xc16/0x1360 ip6_protocol_deliver_rcu+0xb84/0x12e0 ip6_input_finish+0x117/0x240 ip6_input+0xc4/0x370 ipv6_rcv+0x420/0x7d0 __netif_receive_skb_one_core+0x118/0x1b0 process_backlog+0xd1/0x5d0 __napi_poll.constprop.0+0xa3/0x440 net_rx_action+0x78a/0xba0 handle_softirqs+0x2d4/0x9c0 do_softirq+0xad/0xe0 </IRQ>
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 915cc7ac0f8e2a23675ee896e87f17c7d3c47089 < db93ae6fa66f1c61ae63400191195e3ee58021da | affected |
| Linux | Linux | 915cc7ac0f8e2a23675ee896e87f17c7d3c47089 < 305c02e541befe4a44ffde30ed374970f41aeb6c | affected |
| Linux | Linux | 915cc7ac0f8e2a23675ee896e87f17c7d3c47089 < fc23d05f0b3fb4d80657e7afebae2cae686b31c8 | affected |
| Linux | Linux | 915cc7ac0f8e2a23675ee896e87f17c7d3c47089 < bf197c7c79ef6458d1ee84dd7db251b51784885f | affected |
| Linux | Linux | 915cc7ac0f8e2a23675ee896e87f17c7d3c47089 < d9b9affd103f51b42322da4ed5ac025b560bc354 | affected |
| Linux | Linux | 915cc7ac0f8e2a23675ee896e87f17c7d3c47089 < 6f05611728e9d0ab024832a4f1abb74a5f5d0bb0 | affected |
| Linux | Linux | 5.14 | affected |
| Linux | Linux | 0 < 5.14 | unaffected |
| Linux | Linux | 5.15.198 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.160 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.120 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.64 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.4 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/db93ae6fa66f1c61ae63400191195e3ee58021da
- https://git.kernel.org/stable/c/305c02e541befe4a44ffde30ed374970f41aeb6c
- https://git.kernel.org/stable/c/fc23d05f0b3fb4d80657e7afebae2cae686b31c8
- https://git.kernel.org/stable/c/bf197c7c79ef6458d1ee84dd7db251b51784885f
- https://git.kernel.org/stable/c/d9b9affd103f51b42322da4ed5ac025b560bc354
- https://git.kernel.org/stable/c/6f05611728e9d0ab024832a4f1abb74a5f5d0bb0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.