CVE-2025-21701 (GCVE-0-2025-21701)
Vulnerability from cvelistv5
Published
2025-02-13 15:05
Modified
2025-09-02 19:16
Severity ?
7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120 CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771 RIP: 0010:__mutex_lock+0xc8a/0x1120 Call Trace: <TASK> ethtool_check_max_channel+0x1ea/0x880 ethnl_set_channels+0x3c3/0xb10 ethnl_default_set_doit+0x306/0x650 genl_family_rcv_msg_doit+0x1e3/0x2c0 genl_rcv_msg+0x432/0x6f0 netlink_rcv_skb+0x13d/0x3b0 genl_rcv+0x28/0x40 netlink_unicast+0x42e/0x720 netlink_sendmsg+0x765/0xc20 __sys_sendto+0x3ac/0x420 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x95/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e This is because unregister_netdevice_many_notify might run before the rtnl lock section of ethnl operations, eg. set_channels in the above example. In this example the rss lock would be destroyed by the device unregistration path before being used again, but in general running ethnl operations while dismantle has started is not a good idea. Fix this by denying any operation on devices being unregistered. A check was already there in ethnl_ops_begin, but not wide enough. Note that the same issue cannot be seen on the ioctl version (__dev_ethtool) because the device reference is retrieved from within the rtnl lock section there. Once dismantle started, the net device is unlisted and no reference will be found.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3
Impacted products
Vendor Product Version
Linux Linux Version: cfd719f04267108f5f5bf802b9d7de69e99a99f9
Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa
Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa
Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa
Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa
Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa
Version: 7c26da3be1e9843a15b5318f90db8a564479d2ac
 Create a notification for this product.
   Linux Linux Version: 5.16
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21701",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T19:15:24.731894Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T19:16:21.196Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ethtool/netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "26bc6076798aa4dc83a07d0a386f9e57c94e8517",
              "status": "affected",
              "version": "cfd719f04267108f5f5bf802b9d7de69e99a99f9",
              "versionType": "git"
            },
            {
              "lessThan": "b1cb37a31a482df3dd35a6ac166282dac47664f4",
              "status": "affected",
              "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
              "versionType": "git"
            },
            {
              "lessThan": "2f29127e94ae9fdc7497331003d6860e9551cdf3",
              "status": "affected",
              "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
              "versionType": "git"
            },
            {
              "lessThan": "b382ab9b885cbb665e0e70a727f101c981b4edf3",
              "status": "affected",
              "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
              "versionType": "git"
            },
            {
              "lessThan": "4dc880245f9b529fa8f476b5553c799d2848b47b",
              "status": "affected",
              "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
              "versionType": "git"
            },
            {
              "lessThan": "12e070eb6964b341b41677fd260af5a305316a1f",
              "status": "affected",
              "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7c26da3be1e9843a15b5318f90db8a564479d2ac",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ethtool/netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.129",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "versionStartIncluding": "5.15.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.129",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.76",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.13",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.2",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.87",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n  DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n  WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n  CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n  RIP: 0010:__mutex_lock+0xc8a/0x1120\n  Call Trace:\n   \u003cTASK\u003e\n   ethtool_check_max_channel+0x1ea/0x880\n   ethnl_set_channels+0x3c3/0xb10\n   ethnl_default_set_doit+0x306/0x650\n   genl_family_rcv_msg_doit+0x1e3/0x2c0\n   genl_rcv_msg+0x432/0x6f0\n   netlink_rcv_skb+0x13d/0x3b0\n   genl_rcv+0x28/0x40\n   netlink_unicast+0x42e/0x720\n   netlink_sendmsg+0x765/0xc20\n   __sys_sendto+0x3ac/0x420\n   __x64_sys_sendto+0xe0/0x1c0\n   do_syscall_64+0x95/0x180\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:06:18.444Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3"
        },
        {
          "url": "https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3"
        },
        {
          "url": "https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b"
        },
        {
          "url": "https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f"
        }
      ],
      "title": "net: avoid race between device unregistration and ethnl ops",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21701",
    "datePublished": "2025-02-13T15:05:46.483Z",
    "dateReserved": "2024-12-29T08:45:45.748Z",
    "dateUpdated": "2025-09-02T19:16:21.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-21701\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-13T15:15:20.867\",\"lastModified\":\"2025-09-02T20:15:33.237\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: avoid race between device unregistration and ethnl ops\\n\\nThe following trace can be seen if a device is being unregistered while\\nits number of channels are being modified.\\n\\n  DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\\n  WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\\n  CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\\n  RIP: 0010:__mutex_lock+0xc8a/0x1120\\n  Call Trace:\\n   \u003cTASK\u003e\\n   ethtool_check_max_channel+0x1ea/0x880\\n   ethnl_set_channels+0x3c3/0xb10\\n   ethnl_default_set_doit+0x306/0x650\\n   genl_family_rcv_msg_doit+0x1e3/0x2c0\\n   genl_rcv_msg+0x432/0x6f0\\n   netlink_rcv_skb+0x13d/0x3b0\\n   genl_rcv+0x28/0x40\\n   netlink_unicast+0x42e/0x720\\n   netlink_sendmsg+0x765/0xc20\\n   __sys_sendto+0x3ac/0x420\\n   __x64_sys_sendto+0xe0/0x1c0\\n   do_syscall_64+0x95/0x180\\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n\\nThis is because unregister_netdevice_many_notify might run before the\\nrtnl lock section of ethnl operations, eg. set_channels in the above\\nexample. In this example the rss lock would be destroyed by the device\\nunregistration path before being used again, but in general running\\nethnl operations while dismantle has started is not a good idea.\\n\\nFix this by denying any operation on devices being unregistered. A check\\nwas already there in ethnl_ops_begin, but not wide enough.\\n\\nNote that the same issue cannot be seen on the ioctl version\\n(__dev_ethtool) because the device reference is retrieved from within\\nthe rtnl lock section there. Once dismantle started, the net device is\\nunlisted and no reference will be found.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: evitar la ejecuci\u00f3n entre la anulaci\u00f3n del registro del dispositivo y las operaciones ethnl. El siguiente rastro se puede ver si se anula el registro de un dispositivo mientras se modifica su n\u00famero de canales. DEBUG_LOCKS_WARN_ON(lock-\u0026gt;magic != lock) WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120 CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771 RIP: 0010:__mutex_lock+0xc8a/0x1120 Call Trace:  ethtool_check_max_channel+0x1ea/0x880 ethnl_set_channels+0x3c3/0xb10 ethnl_default_set_doit+0x306/0x650 genl_family_rcv_msg_doit+0x1e3/0x2c0 genl_rcv_msg+0x432/0x6f0 netlink_rcv_skb+0x13d/0x3b0 genl_rcv+0x28/0x40 netlink_unicast+0x42e/0x720 netlink_sendmsg+0x765/0xc20 __sys_sendto+0x3ac/0x420 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x95/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e. Esto se debe a que unregister_netdevice_many_notify podr\u00eda ejecutarse antes de la secci\u00f3n de bloqueo rtnl de las operaciones ethnl, por ejemplo, set_channels en el ejemplo anterior. En este ejemplo, el bloqueo de rss se destruir\u00eda por la ruta de anulaci\u00f3n del registro del dispositivo antes de volver a usarse, pero en general, ejecutar operaciones ethnl mientras se ha iniciado el desmantelamiento no es una buena idea. Solucione esto denegando cualquier operaci\u00f3n en los dispositivos que se van a anular el registro. Ya hab\u00eda una comprobaci\u00f3n en ethnl_ops_begin, pero no lo suficientemente amplia. Tenga en cuenta que no se puede ver el mismo problema en la versi\u00f3n ioctl (__dev_ethtool) porque la referencia del dispositivo se recupera desde dentro de la secci\u00f3n de bloqueo rtnl all\u00ed. Una vez que se inicia el desmantelamiento, el dispositivo de red no aparece en la lista y no se encontrar\u00e1 ninguna referencia.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.4,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21701\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-02T19:15:24.731894Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-362\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-02T19:16:15.041Z\"}}], \"cna\": {\"title\": \"net: avoid race between device unregistration and ethnl ops\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"cfd719f04267108f5f5bf802b9d7de69e99a99f9\", \"lessThan\": \"26bc6076798aa4dc83a07d0a386f9e57c94e8517\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dde91ccfa25fd58f64c397d91b81a4b393100ffa\", \"lessThan\": \"b1cb37a31a482df3dd35a6ac166282dac47664f4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dde91ccfa25fd58f64c397d91b81a4b393100ffa\", \"lessThan\": \"2f29127e94ae9fdc7497331003d6860e9551cdf3\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dde91ccfa25fd58f64c397d91b81a4b393100ffa\", \"lessThan\": \"b382ab9b885cbb665e0e70a727f101c981b4edf3\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dde91ccfa25fd58f64c397d91b81a4b393100ffa\", \"lessThan\": \"4dc880245f9b529fa8f476b5553c799d2848b47b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dde91ccfa25fd58f64c397d91b81a4b393100ffa\", \"lessThan\": \"12e070eb6964b341b41677fd260af5a305316a1f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7c26da3be1e9843a15b5318f90db8a564479d2ac\", \"versionType\": \"git\"}], \"programFiles\": [\"net/ethtool/netlink.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.16\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.16\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.15.179\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.129\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.76\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.13.*\"}, {\"status\": \"unaffected\", \"version\": \"6.14\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/ethtool/netlink.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517\"}, {\"url\": \"https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4\"}, {\"url\": \"https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3\"}, {\"url\": \"https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3\"}, {\"url\": \"https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b\"}, {\"url\": \"https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: avoid race between device unregistration and ethnl ops\\n\\nThe following trace can be seen if a device is being unregistered while\\nits number of channels are being modified.\\n\\n  DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\\n  WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\\n  CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\\n  RIP: 0010:__mutex_lock+0xc8a/0x1120\\n  Call Trace:\\n   \u003cTASK\u003e\\n   ethtool_check_max_channel+0x1ea/0x880\\n   ethnl_set_channels+0x3c3/0xb10\\n   ethnl_default_set_doit+0x306/0x650\\n   genl_family_rcv_msg_doit+0x1e3/0x2c0\\n   genl_rcv_msg+0x432/0x6f0\\n   netlink_rcv_skb+0x13d/0x3b0\\n   genl_rcv+0x28/0x40\\n   netlink_unicast+0x42e/0x720\\n   netlink_sendmsg+0x765/0xc20\\n   __sys_sendto+0x3ac/0x420\\n   __x64_sys_sendto+0xe0/0x1c0\\n   do_syscall_64+0x95/0x180\\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n\\nThis is because unregister_netdevice_many_notify might run before the\\nrtnl lock section of ethnl operations, eg. set_channels in the above\\nexample. In this example the rss lock would be destroyed by the device\\nunregistration path before being used again, but in general running\\nethnl operations while dismantle has started is not a good idea.\\n\\nFix this by denying any operation on devices being unregistered. A check\\nwas already there in ethnl_ops_begin, but not wide enough.\\n\\nNote that the same issue cannot be seen on the ioctl version\\n(__dev_ethtool) because the device reference is retrieved from within\\nthe rtnl lock section there. Once dismantle started, the net device is\\nunlisted and no reference will be found.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.179\", \"versionStartIncluding\": \"5.15.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.129\", \"versionStartIncluding\": \"5.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.76\", \"versionStartIncluding\": \"5.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.13\", \"versionStartIncluding\": \"5.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13.2\", \"versionStartIncluding\": \"5.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.14\", \"versionStartIncluding\": \"5.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"5.10.87\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T13:06:18.444Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-21701\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-02T19:16:21.196Z\", \"dateReserved\": \"2024-12-29T08:45:45.748Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-02-13T15:05:46.483Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.