{
  "public_date" : "2025-02-27T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq",
    "id" : "2348588",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2348588"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq\nkvzalloc_node is not doing a runtime check on the node argument\n(__alloc_pages_node_noprof does have a VM_BUG_ON, but it expands to\nnothing on !CONFIG_DEBUG_VM builds), so doing any ethtool/netlink\noperation that calls mlx5e_open on a CPU that's larger that MAX_NUMNODES\ntriggers OOB access and panic (see the trace below).\nAdd missing cpu_to_node call to convert cpu id to node id.\n[  165.427394] mlx5_core 0000:5c:00.0 beth1: Link up\n[  166.479327] BUG: unable to handle page fault for address: 0000000800000010\n[  166.494592] #PF: supervisor read access in kernel mode\n[  166.505995] #PF: error_code(0x0000) - not-present page\n...\n[  166.816958] Call Trace:\n[  166.822380]  <TASK>\n[  166.827034]  ? __die_body+0x64/0xb0\n[  166.834774]  ? page_fault_oops+0x2cd/0x3f0\n[  166.843862]  ? exc_page_fault+0x63/0x130\n[  166.852564]  ? asm_exc_page_fault+0x22/0x30\n[  166.861843]  ? __kvmalloc_node_noprof+0x43/0xd0\n[  166.871897]  ? get_partial_node+0x1c/0x320\n[  166.880983]  ? deactivate_slab+0x269/0x2b0\n[  166.890069]  ___slab_alloc+0x521/0xa90\n[  166.898389]  ? __kvmalloc_node_noprof+0x43/0xd0\n[  166.908442]  __kmalloc_node_noprof+0x216/0x3f0\n[  166.918302]  ? __kvmalloc_node_noprof+0x43/0xd0\n[  166.928354]  __kvmalloc_node_noprof+0x43/0xd0\n[  166.938021]  mlx5e_open_channels+0x5e2/0xc00\n[  166.947496]  mlx5e_open_locked+0x3e/0xf0\n[  166.956201]  mlx5e_open+0x23/0x50\n[  166.963551]  __dev_open+0x114/0x1c0\n[  166.971292]  __dev_change_flags+0xa2/0x1b0\n[  166.980378]  dev_change_flags+0x21/0x60\n[  166.988887]  do_setlink+0x38d/0xf20\n[  166.996628]  ? ep_poll_callback+0x1b9/0x240\n[  167.005910]  ? __nla_validate_parse.llvm.10713395753544950386+0x80/0xd70\n[  167.020782]  ? __wake_up_sync_key+0x52/0x80\n[  167.030066]  ? __mutex_lock+0xff/0x550\n[  167.038382]  ? security_capable+0x50/0x90\n[  167.047279]  rtnl_setlink+0x1c9/0x210\n[  167.055403]  ? ep_poll_callback+0x1b9/0x240\n[  167.064684]  ? security_capable+0x50/0x90\n[  167.073579]  rtnetlink_rcv_msg+0x2f9/0x310\n[  167.082667]  ? rtnetlink_bind+0x30/0x30\n[  167.091173]  netlink_rcv_skb+0xb1/0xe0\n[  167.099492]  netlink_unicast+0x20f/0x2e0\n[  167.108191]  netlink_sendmsg+0x389/0x420\n[  167.116896]  __sys_sendto+0x158/0x1c0\n[  167.125024]  __x64_sys_sendto+0x22/0x30\n[  167.133534]  do_syscall_64+0x63/0x130\n[  167.141657]  ? __irq_exit_rcu.llvm.17843942359718260576+0x52/0xd0\n[  167.155181]  entry_SYSCALL_64_after_hwframe+0x4b/0x53" ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-21717\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21717\nhttps://lore.kernel.org/linux-cve-announce/2025022646-CVE-2025-21717-3893@gregkh/T" ],
  "name" : "CVE-2025-21717",
  "csaw" : false
}