fkie_nvd - fkie_cve-2025-22103

fkie_cve-2025-22103

Vulnerability from fkie_nvd

Published

2025-04-16 15:16

Modified

2025-04-17 20:22

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer dereference in l3mdev_l3_rcv When delete l3s ipvlan: ip link del link eth0 ipvlan1 type ipvlan mode l3s This may cause a null pointer dereference: Call trace: ip_rcv_finish+0x48/0xd0 ip_rcv+0x5c/0x100 __netif_receive_skb_one_core+0x64/0xb0 __netif_receive_skb+0x20/0x80 process_backlog+0xb4/0x204 napi_poll+0xe8/0x294 net_rx_action+0xd8/0x22c __do_softirq+0x12c/0x354 This is because l3mdev_l3_rcv() visit dev->l3mdev_ops after ipvlan_l3s_unregister() assign the dev->l3mdev_ops to NULL. The process like this: (CPU1) | (CPU2) l3mdev_l3_rcv() | check dev->priv_flags: | master = skb->dev; | | | ipvlan_l3s_unregister() | set dev->priv_flags | dev->l3mdev_ops = NULL; | visit master->l3mdev_ops | To avoid this by do not set dev->l3mdev_ops when unregister l3s ipvlan.

References

▶	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0032c99e83b9ce6d5995d65900aa4b6ffb501cce
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f9dff65140efc289f01bcf39c3ca66a8806b6132

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix NULL pointer dereference in l3mdev_l3_rcv\n\nWhen delete l3s ipvlan:\n\n    ip link del link eth0 ipvlan1 type ipvlan mode l3s\n\nThis may cause a null pointer dereference:\n\n    Call trace:\n     ip_rcv_finish+0x48/0xd0\n     ip_rcv+0x5c/0x100\n     __netif_receive_skb_one_core+0x64/0xb0\n     __netif_receive_skb+0x20/0x80\n     process_backlog+0xb4/0x204\n     napi_poll+0xe8/0x294\n     net_rx_action+0xd8/0x22c\n     __do_softirq+0x12c/0x354\n\nThis is because l3mdev_l3_rcv() visit dev-\u003el3mdev_ops after\nipvlan_l3s_unregister() assign the dev-\u003el3mdev_ops to NULL. The process\nlike this:\n\n    (CPU1)                     | (CPU2)\n    l3mdev_l3_rcv()            |\n      check dev-\u003epriv_flags:   |\n        master = skb-\u003edev;     |\n                               |\n                               | ipvlan_l3s_unregister()\n                               |   set dev-\u003epriv_flags\n                               |   dev-\u003el3mdev_ops = NULL;\n                               |\n      visit master-\u003el3mdev_ops |\n\nTo avoid this by do not set dev-\u003el3mdev_ops when unregister l3s ipvlan."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: corregir la desreferencia de puntero nulo en l3mdev_l3_rcv Al eliminar l3s ipvlan: ip link del link eth0 ipvlan1 type ipvlan mode l3s Esto puede causar una desreferencia de puntero nulo: Rastreo de llamada: ip_rcv_finish+0x48/0xd0 ip_rcv+0x5c/0x100 __netif_receive_skb_one_core+0x64/0xb0 __netif_receive_skb+0x20/0x80 process_backlog+0xb4/0x204 napi_poll+0xe8/0x294 net_rx_action+0xd8/0x22c __do_softirq+0x12c/0x354 Esto se debe a que l3mdev_l3_rcv() visita Despu\u00e9s de ejecutar ipvlan_l3s_unregister(), dev-\u0026gt;l3mdev_ops asigna el valor NULL a dev-\u0026gt;l3mdev_ops. El proceso es el siguiente: (CPU1) | (CPU2) l3mdev_l3_rcv() | check dev-\u0026gt;priv_flags: | master = skb-\u0026gt;dev; | | | ipvlan_l3s_unregister() | set dev-\u0026gt;priv_flags | dev-\u0026gt;l3mdev_ops = NULL; | visit master-\u0026gt;l3mdev_ops | Para evitar esto, no configure dev-\u0026gt;l3mdev_ops al cancelar el registro de ipvlan l3s."
    }
  ],
  "id": "CVE-2025-22103",
  "lastModified": "2025-04-17T20:22:16.240",
  "metrics": {},
  "published": "2025-04-16T15:16:04.650",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0032c99e83b9ce6d5995d65900aa4b6ffb501cce"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f9dff65140efc289f01bcf39c3ca66a8806b6132"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

CVE-2025-22103 (GCVE-0-2025-22103)

Vulnerability from cvelistv5

Published

2025-04-16 14:12

Modified

2025-05-26 05:18

Severity ?

Summary

References

►

URL

Tags

	https://git.kernel.org/stable/c/f9dff65140efc289f01bcf39c3ca66a8806b6132
	https://git.kernel.org/stable/c/0032c99e83b9ce6d5995d65900aa4b6ffb501cce

Impacted products

Vendor

Product

Version

►

Linux

Version: c675e06a98a474f7ad0af32ce467613da818da52
Version: c675e06a98a474f7ad0af32ce467613da818da52

Linux

Version: 5.1

Show details on NVD website