2348898 – (CVE-2025-21808) CVE-2025-21808 kernel: net: xdp: Disallow attaching device-bound programs in generic mode

Bug 2348898 (CVE-2025-21808) - CVE-2025-21808 kernel: net: xdp: Disallow attaching device-bound programs in generic mode

Summary: CVE-2025-21808 kernel: net: xdp: Disallow attaching device-bound programs in ...

Keywords:
Status:	NEW
Alias:	CVE-2025-21808
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-27 21:02 UTC by OSIDB Bzimport
Modified:	2025-02-28 05:49 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-27 21:02:21 UTC

In the Linux kernel, the following vulnerability has been resolved:

net: xdp: Disallow attaching device-bound programs in generic mode

Device-bound programs are used to support RX metadata kfuncs. These
kfuncs are driver-specific and rely on the driver context to read the
metadata. This means they can't work in generic XDP mode. However, there
is no check to disallow such programs from being attached in generic
mode, in which case the metadata kfuncs will be called in an invalid
context, leading to crashes.

Fix this by adding a check to disallow attaching device-bound programs
in generic mode.

Comment 1 Avinash Hanwate 2025-02-28 05:44:46 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21808-b8bf@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.