Bug 2360201 (CVE-2025-22060) - CVE-2025-22060 kernel: net: mvpp2: Prevent parser TCAM memory corruption
Summary: CVE-2025-22060 kernel: net: mvpp2: Prevent parser TCAM memory corruption
Keywords:
Status: NEW
Alias: CVE-2025-22060
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-04-16 15:02 UTC by OSIDB Bzimport
Modified: 2025-04-17 15:40 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-04-16 15:02:19 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: mvpp2: Prevent parser TCAM memory corruption

Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM
information, from concurrent modifications.

Both the TCAM and SRAM tables are indirectly accessed by configuring
an index register that selects the row to read or write to. This means
that operations must be atomic in order to, e.g., avoid spreading
writes across multiple rows. Since the shadow SRAM array is used to
find free rows in the hardware table, it must also be protected in
order to avoid TOCTOU errors where multiple cores allocate the same
row.

This issue was detected in a situation where `mvpp2_set_rx_mode()` ran
concurrently on two CPUs. In this particular case the
MVPP2_PE_MAC_UC_PROMISCUOUS entry was corrupted, causing the
classifier unit to drop all incoming unicast - indicated by the
`rx_classifier_drops` counter.
Comment 1 Avinash Hanwate 2025-04-17 15:34:04 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025041606-CVE-2025-22060-cba9@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.