Bug 2356601 (CVE-2025-21954) - CVE-2025-21954 kernel: netmem: prevent TX of unreadable skbs
Summary: CVE-2025-21954 kernel: netmem: prevent TX of unreadable skbs
Keywords:
Status: NEW
Alias: CVE-2025-21954
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-04-01 16:01 UTC by OSIDB Bzimport
Modified: 2025-04-02 04:51 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-04-01 16:01:54 UTC 
In the Linux kernel, the following vulnerability has been resolved:

netmem: prevent TX of unreadable skbs

Currently on stable trees we have support for netmem/devmem RX but not
TX. It is not safe to forward/redirect an RX unreadable netmem packet
into the device's TX path, as the device may call dma-mapping APIs on
dma addrs that should not be passed to it.

Fix this by preventing the xmit of unreadable skbs.

Tested by configuring tc redirect:

sudo tc qdisc add dev eth1 ingress
sudo tc filter add dev eth1 ingress protocol ip prio 1 flower ip_proto \
	tcp src_ip 192.168.1.12 action mirred egress redirect dev eth1

Before, I see unreadable skbs in the driver's TX path passed to dma
mapping APIs.

After, I don't see unreadable skbs in the driver's TX path passed to dma
mapping APIs.
Comment 1 Robb Gatica 2025-04-02 04:33:35 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025040143-CVE-2025-21954-8f0d@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.