#VU105162 Input validation error in Linux kernel - CVE-2025-21802
Published: February 28, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU105162
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-21802
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hclgevf_init() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c, within the module_init() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c, within the EXPORT_SYMBOL() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/82736bb83fb0221319c85c2e9917d0189cd84e1e
- https://git.kernel.org/stable/c/92e5995773774a3e70257e9c95ea03518268bea5
- https://git.kernel.org/stable/c/b5a8bc47aa0a4aa8bca5466dfa2d12dbb5b3cd0c
- https://git.kernel.org/stable/c/cafe9a27e22736d4a01b3933e36225f9857c7988
- https://git.kernel.org/stable/c/e876522659012ef2e73834a0b9f1cbe3f74d5fad
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.129