Vulnerability-Lookup

CVE-2025-21751 (GCVE-0-2025-21751)

Vulnerability from cvelistv5 – Published: 2025-02-27 02:12 – Updated: 2025-09-19 14:53

Title

net/mlx5: HWS, change error flow on matcher disconnect

Summary

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect Currently, when firmware failure occurs during matcher disconnect flow, the error flow of the function reconnects the matcher back and returns an error, which continues running the calling function and eventually frees the matcher that is being disconnected. This leads to a case where we have a freed matcher on the matchers list, which in turn leads to use-after-free and eventual crash. This patch fixes that by not trying to reconnect the matcher back when some FW command fails during disconnect. Note that we're dealing here with FW error. We can't overcome this problem. This might lead to bad steering state (e.g. wrong connection between matchers), and will also lead to resource leakage, as it is the case with any other error handling during resource destruction. However, the goal here is to allow the driver to continue and not crash the machine with use-after-free error.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5682aad0276ff9b9b…
	https://git.kernel.org/stable/c/23a86c76a1a197e8f…
	https://git.kernel.org/stable/c/1ce840c7a659aa53a…

Impacted products

Vendor

Product

Version

Linux

Affected: 472dd792348f6601ccaa97d5626ee4faff891901 , < 5682aad0276ff9b9b0eff3188eb6a1f504d6b436 (git)
Affected: 472dd792348f6601ccaa97d5626ee4faff891901 , < 23a86c76a1a197e8fbbbd0ce3e826eb58c471624 (git)
Affected: 472dd792348f6601ccaa97d5626ee4faff891901 , < 1ce840c7a659aa53a31ef49f0271b4fd0dc10296 (git)

Linux

Affected: 6.12
Unaffected: 0 , < 6.12 (semver)
Unaffected: 6.12.48 , ≤ 6.12.* (semver)
Unaffected: 6.13.3 , ≤ 6.13.* (semver)
Unaffected: 6.14 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21751",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T18:14:26.697302Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T18:22:29.728Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5682aad0276ff9b9b0eff3188eb6a1f504d6b436",
              "status": "affected",
              "version": "472dd792348f6601ccaa97d5626ee4faff891901",
              "versionType": "git"
            },
            {
              "lessThan": "23a86c76a1a197e8fbbbd0ce3e826eb58c471624",
              "status": "affected",
              "version": "472dd792348f6601ccaa97d5626ee4faff891901",
              "versionType": "git"
            },
            {
              "lessThan": "1ce840c7a659aa53a31ef49f0271b4fd0dc10296",
              "status": "affected",
              "version": "472dd792348f6601ccaa97d5626ee4faff891901",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.12"
            },
            {
              "lessThan": "6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.48",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.3",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, change error flow on matcher disconnect\n\nCurrently, when firmware failure occurs during matcher disconnect flow,\nthe error flow of the function reconnects the matcher back and returns\nan error, which continues running the calling function and eventually\nfrees the matcher that is being disconnected.\nThis leads to a case where we have a freed matcher on the matchers list,\nwhich in turn leads to use-after-free and eventual crash.\n\nThis patch fixes that by not trying to reconnect the matcher back when\nsome FW command fails during disconnect.\n\nNote that we\u0027re dealing here with FW error. We can\u0027t overcome this\nproblem. This might lead to bad steering state (e.g. wrong connection\nbetween matchers), and will also lead to resource leakage, as it is\nthe case with any other error handling during resource destruction.\n\nHowever, the goal here is to allow the driver to continue and not crash\nthe machine with use-after-free error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-19T14:53:56.575Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5682aad0276ff9b9b0eff3188eb6a1f504d6b436"
        },
        {
          "url": "https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ce840c7a659aa53a31ef49f0271b4fd0dc10296"
        }
      ],
      "title": "net/mlx5: HWS, change error flow on matcher disconnect",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21751",
    "datePublished": "2025-02-27T02:12:22.177Z",
    "dateReserved": "2024-12-29T08:45:45.759Z",
    "dateUpdated": "2025-09-19T14:53:56.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21751\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-27T18:14:26.697302Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-27T18:14:27.891Z\"}}], \"cna\": {\"title\": \"net/mlx5: HWS, change error flow on matcher disconnect\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"472dd792348f6601ccaa97d5626ee4faff891901\", \"lessThan\": \"5682aad0276ff9b9b0eff3188eb6a1f504d6b436\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"472dd792348f6601ccaa97d5626ee4faff891901\", \"lessThan\": \"23a86c76a1a197e8fbbbd0ce3e826eb58c471624\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"472dd792348f6601ccaa97d5626ee4faff891901\", \"lessThan\": \"1ce840c7a659aa53a31ef49f0271b4fd0dc10296\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.12\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.12\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.12.48\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.13.*\"}, {\"status\": \"unaffected\", \"version\": \"6.14\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/5682aad0276ff9b9b0eff3188eb6a1f504d6b436\"}, {\"url\": \"https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624\"}, {\"url\": \"https://git.kernel.org/stable/c/1ce840c7a659aa53a31ef49f0271b4fd0dc10296\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/mlx5: HWS, change error flow on matcher disconnect\\n\\nCurrently, when firmware failure occurs during matcher disconnect flow,\\nthe error flow of the function reconnects the matcher back and returns\\nan error, which continues running the calling function and eventually\\nfrees the matcher that is being disconnected.\\nThis leads to a case where we have a freed matcher on the matchers list,\\nwhich in turn leads to use-after-free and eventual crash.\\n\\nThis patch fixes that by not trying to reconnect the matcher back when\\nsome FW command fails during disconnect.\\n\\nNote that we\u0027re dealing here with FW error. We can\u0027t overcome this\\nproblem. This might lead to bad steering state (e.g. wrong connection\\nbetween matchers), and will also lead to resource leakage, as it is\\nthe case with any other error handling during resource destruction.\\n\\nHowever, the goal here is to allow the driver to continue and not crash\\nthe machine with use-after-free error.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.48\", \"versionStartIncluding\": \"6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13.3\", \"versionStartIncluding\": \"6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.14\", \"versionStartIncluding\": \"6.12\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-09-19T14:53:56.575Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-21751\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-19T14:53:56.575Z\", \"dateReserved\": \"2024-12-29T08:45:45.759Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-02-27T02:12:22.177Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-21751

Vulnerability from fkie_nvd - Published: 2025-02-27 03:15 - Updated: 2025-09-19 15:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1ce840c7a659aa53a31ef49f0271b4fd0dc10296	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5682aad0276ff9b9b0eff3188eb6a1f504d6b436

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE4E9494-C003-4567-B9CB-CF0C8429C517",
              "versionEndExcluding": "6.13.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, change error flow on matcher disconnect\n\nCurrently, when firmware failure occurs during matcher disconnect flow,\nthe error flow of the function reconnects the matcher back and returns\nan error, which continues running the calling function and eventually\nfrees the matcher that is being disconnected.\nThis leads to a case where we have a freed matcher on the matchers list,\nwhich in turn leads to use-after-free and eventual crash.\n\nThis patch fixes that by not trying to reconnect the matcher back when\nsome FW command fails during disconnect.\n\nNote that we\u0027re dealing here with FW error. We can\u0027t overcome this\nproblem. This might lead to bad steering state (e.g. wrong connection\nbetween matchers), and will also lead to resource leakage, as it is\nthe case with any other error handling during resource destruction.\n\nHowever, the goal here is to allow the driver to continue and not crash\nthe machine with use-after-free error."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: HWS, cambiar el flujo de error en la desconexi\u00f3n del comparador Actualmente, cuando ocurre una falla de firmware durante el flujo de desconexi\u00f3n del comparador, el flujo de error de la funci\u00f3n vuelve a conectar el comparador y devuelve un error, que contin\u00faa ejecutando la funci\u00f3n de llamada y finalmente libera el comparador que se est\u00e1 desconectando. Esto lleva a un caso en el que tenemos un comparador liberado en la lista de comparadores, lo que a su vez lleva a un use after free y un eventual bloqueo. Este parche lo corrige al no intentar volver a conectar el comparador cuando alg\u00fan comando de FW falla durante la desconexi\u00f3n. Tenga en cuenta que aqu\u00ed estamos tratando con un error de FW. No podemos superar este problema. Esto puede llevar a un mal estado de direcci\u00f3n (por ejemplo, conexi\u00f3n incorrecta entre comparadores) y tambi\u00e9n conducir\u00e1 a una fuga de recursos, como es el caso con cualquier otro manejo de errores durante la destrucci\u00f3n de recursos. Sin embargo, el objetivo aqu\u00ed es permitir que el controlador contin\u00fae y no bloquee la m\u00e1quina con un error de use after free."
    }
  ],
  "id": "CVE-2025-21751",
  "lastModified": "2025-09-19T15:15:48.233",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-27T03:15:15.760",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1ce840c7a659aa53a31ef49f0271b4fd0dc10296"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5682aad0276ff9b9b0eff3188eb6a1f504d6b436"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2025-AVI-0825

Vulnerability from certfr_avis - Published: 2025-09-26 - Updated: 2025-09-26

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Debian	Debian	Debian trixie versions antérieures à 6.12.48-1
	Debian	Debian	Debian bookworm versions antérieures à 6.1.153-1

References

Title

Publication Time

Tags

Bulletin de sécurité Debian DSA-6009-1	2025-09-22	vendor-advisory
Bulletin de sécurité Debian DSA-6008-1	2025-09-22	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.48-1",
      "product": {
        "name": "Debian",
        "vendor": {
          "name": "Debian",
          "scada": false
        }
      }
    },
    {
      "description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.153-1",
      "product": {
        "name": "Debian",
        "vendor": {
          "name": "Debian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-38453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38453"
    },
    {
      "name": "CVE-2025-39812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39812"
    },
    {
      "name": "CVE-2025-38711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38711"
    },
    {
      "name": "CVE-2025-39723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39723"
    },
    {
      "name": "CVE-2025-39808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39808"
    },
    {
      "name": "CVE-2025-39757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39757"
    },
    {
      "name": "CVE-2025-39772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39772"
    },
    {
      "name": "CVE-2025-39826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39826"
    },
    {
      "name": "CVE-2025-39716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39716"
    },
    {
      "name": "CVE-2025-39702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39702"
    },
    {
      "name": "CVE-2025-39779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39779"
    },
    {
      "name": "CVE-2025-39685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39685"
    },
    {
      "name": "CVE-2025-39765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39765"
    },
    {
      "name": "CVE-2025-39720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39720"
    },
    {
      "name": "CVE-2025-39827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39827"
    },
    {
      "name": "CVE-2025-39828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39828"
    },
    {
      "name": "CVE-2025-22125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22125"
    },
    {
      "name": "CVE-2025-39811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39811"
    },
    {
      "name": "CVE-2025-38491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38491"
    },
    {
      "name": "CVE-2025-38708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38708"
    },
    {
      "name": "CVE-2025-22103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22103"
    },
    {
      "name": "CVE-2025-39701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39701"
    },
    {
      "name": "CVE-2025-39709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39709"
    },
    {
      "name": "CVE-2025-39689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39689"
    },
    {
      "name": "CVE-2025-39787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39787"
    },
    {
      "name": "CVE-2025-38734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38734"
    },
    {
      "name": "CVE-2025-38695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38695"
    },
    {
      "name": "CVE-2025-39749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39749"
    },
    {
      "name": "CVE-2025-39700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39700"
    },
    {
      "name": "CVE-2025-39866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39866"
    },
    {
      "name": "CVE-2025-39843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39843"
    },
    {
      "name": "CVE-2025-23160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23160"
    },
    {
      "name": "CVE-2025-39751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39751"
    },
    {
      "name": "CVE-2025-39681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39681"
    },
    {
      "name": "CVE-2025-39770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39770"
    },
    {
      "name": "CVE-2025-38706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38706"
    },
    {
      "name": "CVE-2025-38699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38699"
    },
    {
      "name": "CVE-2025-38707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38707"
    },
    {
      "name": "CVE-2025-39692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39692"
    },
    {
      "name": "CVE-2025-38677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38677"
    },
    {
      "name": "CVE-2025-39853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39853"
    },
    {
      "name": "CVE-2025-39857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39857"
    },
    {
      "name": "CVE-2025-39865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39865"
    },
    {
      "name": "CVE-2025-39675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39675"
    },
    {
      "name": "CVE-2025-39679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39679"
    },
    {
      "name": "CVE-2025-38693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38693"
    },
    {
      "name": "CVE-2025-38679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38679"
    },
    {
      "name": "CVE-2025-38685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38685"
    },
    {
      "name": "CVE-2025-38502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38502"
    },
    {
      "name": "CVE-2025-39838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39838"
    },
    {
      "name": "CVE-2025-39823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39823"
    },
    {
      "name": "CVE-2025-39864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39864"
    },
    {
      "name": "CVE-2025-39824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39824"
    },
    {
      "name": "CVE-2025-39737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39737"
    },
    {
      "name": "CVE-2025-38702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38702"
    },
    {
      "name": "CVE-2025-38724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38724"
    },
    {
      "name": "CVE-2025-38698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38698"
    },
    {
      "name": "CVE-2025-21751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21751"
    },
    {
      "name": "CVE-2025-39842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39842"
    },
    {
      "name": "CVE-2025-39815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39815"
    },
    {
      "name": "CVE-2025-37931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37931"
    },
    {
      "name": "CVE-2025-39849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39849"
    },
    {
      "name": "CVE-2025-39861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39861"
    },
    {
      "name": "CVE-2025-39743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39743"
    },
    {
      "name": "CVE-2025-39718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39718"
    },
    {
      "name": "CVE-2025-38712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38712"
    },
    {
      "name": "CVE-2025-38732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38732"
    },
    {
      "name": "CVE-2025-39773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39773"
    },
    {
      "name": "CVE-2025-38696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38696"
    },
    {
      "name": "CVE-2025-38727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38727"
    },
    {
      "name": "CVE-2025-39722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39722"
    },
    {
      "name": "CVE-2025-38670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38670"
    },
    {
      "name": "CVE-2025-39845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39845"
    },
    {
      "name": "CVE-2025-39788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39788"
    },
    {
      "name": "CVE-2025-39791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39791"
    },
    {
      "name": "CVE-2025-38735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38735"
    },
    {
      "name": "CVE-2025-39698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39698"
    },
    {
      "name": "CVE-2025-39805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39805"
    },
    {
      "name": "CVE-2025-22113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
    },
    {
      "name": "CVE-2025-38614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38614"
    },
    {
      "name": "CVE-2025-23143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23143"
    },
    {
      "name": "CVE-2025-38322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38322"
    },
    {
      "name": "CVE-2025-38694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38694"
    },
    {
      "name": "CVE-2025-38676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38676"
    },
    {
      "name": "CVE-2025-38729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38729"
    },
    {
      "name": "CVE-2025-38681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38681"
    },
    {
      "name": "CVE-2025-39795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39795"
    },
    {
      "name": "CVE-2025-38687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38687"
    },
    {
      "name": "CVE-2025-38272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38272"
    },
    {
      "name": "CVE-2025-38728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38728"
    },
    {
      "name": "CVE-2025-38715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38715"
    },
    {
      "name": "CVE-2025-39710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39710"
    },
    {
      "name": "CVE-2025-39683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39683"
    },
    {
      "name": "CVE-2025-39794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39794"
    },
    {
      "name": "CVE-2025-39697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39697"
    },
    {
      "name": "CVE-2025-38713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38713"
    },
    {
      "name": "CVE-2025-38556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38556"
    },
    {
      "name": "CVE-2025-39810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39810"
    },
    {
      "name": "CVE-2025-39782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39782"
    },
    {
      "name": "CVE-2025-38697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38697"
    },
    {
      "name": "CVE-2025-38691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38691"
    },
    {
      "name": "CVE-2025-39759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39759"
    },
    {
      "name": "CVE-2025-39860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39860"
    },
    {
      "name": "CVE-2025-39721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39721"
    },
    {
      "name": "CVE-2025-39760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39760"
    },
    {
      "name": "CVE-2025-39673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39673"
    },
    {
      "name": "CVE-2025-39839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39839"
    },
    {
      "name": "CVE-2025-38723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38723"
    },
    {
      "name": "CVE-2024-57924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
    },
    {
      "name": "CVE-2025-39848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39848"
    },
    {
      "name": "CVE-2025-39800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39800"
    },
    {
      "name": "CVE-2025-39703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39703"
    },
    {
      "name": "CVE-2025-39825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39825"
    },
    {
      "name": "CVE-2025-38552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38552"
    },
    {
      "name": "CVE-2025-39852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39852"
    },
    {
      "name": "CVE-2025-39766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39766"
    },
    {
      "name": "CVE-2025-39801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39801"
    },
    {
      "name": "CVE-2025-39724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39724"
    },
    {
      "name": "CVE-2025-39687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39687"
    },
    {
      "name": "CVE-2025-39694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39694"
    },
    {
      "name": "CVE-2025-40300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40300"
    },
    {
      "name": "CVE-2025-39806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39806"
    },
    {
      "name": "CVE-2025-39851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39851"
    },
    {
      "name": "CVE-2025-38721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38721"
    },
    {
      "name": "CVE-2025-39684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39684"
    },
    {
      "name": "CVE-2025-39807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39807"
    },
    {
      "name": "CVE-2025-38725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38725"
    },
    {
      "name": "CVE-2025-38347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38347"
    },
    {
      "name": "CVE-2025-39776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39776"
    },
    {
      "name": "CVE-2025-37968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37968"
    },
    {
      "name": "CVE-2025-38683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38683"
    },
    {
      "name": "CVE-2025-39736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39736"
    },
    {
      "name": "CVE-2025-39846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39846"
    },
    {
      "name": "CVE-2025-39691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39691"
    },
    {
      "name": "CVE-2025-39850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39850"
    },
    {
      "name": "CVE-2025-39844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39844"
    },
    {
      "name": "CVE-2025-39742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39742"
    },
    {
      "name": "CVE-2025-39863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39863"
    },
    {
      "name": "CVE-2025-38701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38701"
    },
    {
      "name": "CVE-2024-58240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58240"
    },
    {
      "name": "CVE-2025-39767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39767"
    },
    {
      "name": "CVE-2025-39817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39817"
    },
    {
      "name": "CVE-2024-47704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
    },
    {
      "name": "CVE-2025-39790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39790"
    },
    {
      "name": "CVE-2025-38680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38680"
    },
    {
      "name": "CVE-2025-38684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38684"
    },
    {
      "name": "CVE-2025-39686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39686"
    },
    {
      "name": "CVE-2025-39798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39798"
    },
    {
      "name": "CVE-2025-38730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38730"
    },
    {
      "name": "CVE-2025-22124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22124"
    },
    {
      "name": "CVE-2025-39714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39714"
    },
    {
      "name": "CVE-2025-39854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39854"
    },
    {
      "name": "CVE-2025-39706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39706"
    },
    {
      "name": "CVE-2025-38306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38306"
    },
    {
      "name": "CVE-2025-39719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39719"
    },
    {
      "name": "CVE-2025-39695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39695"
    },
    {
      "name": "CVE-2025-39738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39738"
    },
    {
      "name": "CVE-2025-39705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39705"
    },
    {
      "name": "CVE-2025-38737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38737"
    },
    {
      "name": "CVE-2025-39713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39713"
    },
    {
      "name": "CVE-2025-23133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23133"
    },
    {
      "name": "CVE-2025-39756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39756"
    },
    {
      "name": "CVE-2025-38736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38736"
    },
    {
      "name": "CVE-2025-39831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39831"
    },
    {
      "name": "CVE-2025-39693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39693"
    },
    {
      "name": "CVE-2025-39682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39682"
    },
    {
      "name": "CVE-2025-39676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39676"
    },
    {
      "name": "CVE-2025-39832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39832"
    },
    {
      "name": "CVE-2025-39813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39813"
    },
    {
      "name": "CVE-2025-39847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39847"
    },
    {
      "name": "CVE-2025-39819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39819"
    },
    {
      "name": "CVE-2025-39783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39783"
    },
    {
      "name": "CVE-2025-39715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39715"
    },
    {
      "name": "CVE-2025-39835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39835"
    },
    {
      "name": "CVE-2025-38700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38700"
    },
    {
      "name": "CVE-2025-39841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39841"
    },
    {
      "name": "CVE-2025-39712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39712"
    },
    {
      "name": "CVE-2025-39707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39707"
    },
    {
      "name": "CVE-2025-39829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39829"
    },
    {
      "name": "CVE-2025-39781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39781"
    },
    {
      "name": "CVE-2025-39780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39780"
    },
    {
      "name": "CVE-2025-39711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39711"
    },
    {
      "name": "CVE-2025-38714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38714"
    },
    {
      "name": "CVE-2025-39836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39836"
    },
    {
      "name": "CVE-2025-38733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38733"
    },
    {
      "name": "CVE-2025-39752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39752"
    }
  ],
  "initial_release_date": "2025-09-26T00:00:00",
  "last_revision_date": "2025-09-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0825",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
  "vendor_advisories": [
    {
      "published_at": "2025-09-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-6009-1",
      "url": "https://lists.debian.org/debian-security-announce/2025/msg00173.html"
    },
    {
      "published_at": "2025-09-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-6008-1",
      "url": "https://lists.debian.org/debian-security-announce/2025/msg00172.html"
    }
  ]
}

CVE-2025-21751

Vulnerability from fstec - Published: 02.01.2025

Title

Уязвимость функции hws_matcher_disconnect() модуля drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c - драйвера поддержки сетевых адаптеров Ethernet Mellanox ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации.

Description

Уязвимость функции hws_matcher_disconnect() модуля drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c - драйвера поддержки сетевых адаптеров Ethernet Mellanox ядра операционной системы Linux связана с повторным использованием ранее освобожденной памяти. Эксплуатация уязвимости может позволить нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации.

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Canonical Ltd., Сообщество свободного программного обеспечения

Software Name

Ubuntu, Debian GNU/Linux, Linux

Software Version

20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 22.04 LTS (Ubuntu), 24.04 LTS (Ubuntu), 24.10 (Ubuntu), от 6.12 до 6.13.2 включительно (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624 https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21751-101c@gregkh/ https://git.kernel.org/linus/1ce840c7a659aa53a31ef49f0271b4fd0dc10296 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.3 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2025-21751 Для Ubuntu: https://ubuntu.com/security/CVE-2025-21751

Reference

https://www.cve.org/CVERecord?id=CVE-2025-21751 https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624 https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21751-101c@gregkh/ https://git.kernel.org/linus/1ce840c7a659aa53a31ef49f0271b4fd0dc10296 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.3 https://security-tracker.debian.org/tracker/CVE-2025-21751 https://ubuntu.com/security/CVE-2025-21751

CWE

CWE-415

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 22.04 LTS (Ubuntu), 24.04 LTS (Ubuntu), 24.10 (Ubuntu), \u043e\u0442 6.12 \u0434\u043e 6.13.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624\nhttps://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21751-101c@gregkh/\nhttps://git.kernel.org/linus/1ce840c7a659aa53a31ef49f0271b4fd0dc10296\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.3\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2025-21751\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2025-21751",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.01.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.04.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "09.04.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-03900",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-21751",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , Canonical Ltd. Ubuntu 22.04 LTS , Canonical Ltd. Ubuntu 24.04 LTS , Canonical Ltd. Ubuntu 24.10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.12 \u0434\u043e 6.13.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 hws_matcher_disconnect() \u043c\u043e\u0434\u0443\u043b\u044f drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c - \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0430\u0434\u0430\u043f\u0442\u0435\u0440\u043e\u0432 Ethernet Mellanox \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 (CWE-415)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 hws_matcher_disconnect() \u043c\u043e\u0434\u0443\u043b\u044f drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c - \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0430\u0434\u0430\u043f\u0442\u0435\u0440\u043e\u0432 Ethernet Mellanox \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u044b\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0440\u0430\u043d\u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cve.org/CVERecord?id=CVE-2025-21751\nhttps://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624\nhttps://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21751-101c@gregkh/\nhttps://git.kernel.org/linus/1ce840c7a659aa53a31ef49f0271b4fd0dc10296\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.3\nhttps://security-tracker.debian.org/tracker/CVE-2025-21751\nhttps://ubuntu.com/security/CVE-2025-21751",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-415",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

GHSA-6CPX-W2CG-QMGR

Vulnerability from github – Published: 2025-02-27 03:34 – Updated: 2025-09-19 15:31

Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: HWS, change error flow on matcher disconnect

Currently, when firmware failure occurs during matcher disconnect flow, the error flow of the function reconnects the matcher back and returns an error, which continues running the calling function and eventually frees the matcher that is being disconnected. This leads to a case where we have a freed matcher on the matchers list, which in turn leads to use-after-free and eventual crash.

This patch fixes that by not trying to reconnect the matcher back when some FW command fails during disconnect.

Note that we're dealing here with FW error. We can't overcome this problem. This might lead to bad steering state (e.g. wrong connection between matchers), and will also lead to resource leakage, as it is the case with any other error handling during resource destruction.

However, the goal here is to allow the driver to continue and not crash the machine with use-after-free error.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-21751"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T03:15:15Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, change error flow on matcher disconnect\n\nCurrently, when firmware failure occurs during matcher disconnect flow,\nthe error flow of the function reconnects the matcher back and returns\nan error, which continues running the calling function and eventually\nfrees the matcher that is being disconnected.\nThis leads to a case where we have a freed matcher on the matchers list,\nwhich in turn leads to use-after-free and eventual crash.\n\nThis patch fixes that by not trying to reconnect the matcher back when\nsome FW command fails during disconnect.\n\nNote that we\u0027re dealing here with FW error. We can\u0027t overcome this\nproblem. This might lead to bad steering state (e.g. wrong connection\nbetween matchers), and will also lead to resource leakage, as it is\nthe case with any other error handling during resource destruction.\n\nHowever, the goal here is to allow the driver to continue and not crash\nthe machine with use-after-free error.",
  "id": "GHSA-6cpx-w2cg-qmgr",
  "modified": "2025-09-19T15:31:07Z",
  "published": "2025-02-27T03:34:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21751"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ce840c7a659aa53a31ef49f0271b4fd0dc10296"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5682aad0276ff9b9b0eff3188eb6a1f504d6b436"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-21751 (GCVE-0-2025-21751)

FKIE_CVE-2025-21751

CERTFR-2025-AVI-0825

Solutions

CVE-2025-21751

GHSA-6CPX-W2CG-QMGR

Tags

Sightings

Nomenclature