fkie_cve-2025-21954
Vulnerability from fkie_nvd
Published
2025-04-01 16:15
Modified
2025-04-01 20:26
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: netmem: prevent TX of unreadable skbs Currently on stable trees we have support for netmem/devmem RX but not TX. It is not safe to forward/redirect an RX unreadable netmem packet into the device's TX path, as the device may call dma-mapping APIs on dma addrs that should not be passed to it. Fix this by preventing the xmit of unreadable skbs. Tested by configuring tc redirect: sudo tc qdisc add dev eth1 ingress sudo tc filter add dev eth1 ingress protocol ip prio 1 flower ip_proto \ tcp src_ip 192.168.1.12 action mirred egress redirect dev eth1 Before, I see unreadable skbs in the driver's TX path passed to dma mapping APIs. After, I don't see unreadable skbs in the driver's TX path passed to dma mapping APIs.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1c17c8ced25c5fbe424c7ad7ea11d33014a986b1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/454825019d2f0c59e5174ece9e713f45ad80beff
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f3600c867c99a2cc8038680ecf211089c50e7971
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetmem: prevent TX of unreadable skbs\n\nCurrently on stable trees we have support for netmem/devmem RX but not\nTX. It is not safe to forward/redirect an RX unreadable netmem packet\ninto the device\u0027s TX path, as the device may call dma-mapping APIs on\ndma addrs that should not be passed to it.\n\nFix this by preventing the xmit of unreadable skbs.\n\nTested by configuring tc redirect:\n\nsudo tc qdisc add dev eth1 ingress\nsudo tc filter add dev eth1 ingress protocol ip prio 1 flower ip_proto \\\n\ttcp src_ip 192.168.1.12 action mirred egress redirect dev eth1\n\nBefore, I see unreadable skbs in the driver\u0027s TX path passed to dma\nmapping APIs.\n\nAfter, I don\u0027t see unreadable skbs in the driver\u0027s TX path passed to dma\nmapping APIs."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netmem: evitar TX de skbs ilegibles Actualmente en \u00e1rboles estables tenemos soporte para netmem/devmem RX pero no TX. No es seguro reenviar/redirigir un paquete netmem ilegible RX en la ruta TX del dispositivo, ya que el dispositivo puede llamar a las API de mapeo DMA en direcciones DMA que no se le deben pasar. Arregle esto al evitar la xmit de skbs ilegibles. Probado al configurar tc redirect: sudo tc qdisc add dev eth1 ingress sudo tc filter add dev eth1 ingress protocol ip prio 1 flower ip_proto \\ tcp src_ip 192.168.1.12 action mirred egress redirect dev eth1 Antes, ve\u00eda skbs ilegibles en la ruta TX del controlador pasada a las API de mapeo DMA. Despu\u00e9s, no veo skbs ilegibles en la ruta TX del controlador pasada a las API de mapeo de DMA."
    }
  ],
  "id": "CVE-2025-21954",
  "lastModified": "2025-04-01T20:26:01.990",
  "metrics": {},
  "published": "2025-04-01T16:15:26.610",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1c17c8ced25c5fbe424c7ad7ea11d33014a986b1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/454825019d2f0c59e5174ece9e713f45ad80beff"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f3600c867c99a2cc8038680ecf211089c50e7971"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.