CVE-2025-21649

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: hns3: fix kernel crash when 1588 is sent on HIP08 devices<br /> <br /> Currently, HIP08 devices does not register the ptp devices, so the<br /> hdev-&gt;ptp is NULL. But the tx process would still try to set hardware time<br /> stamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash.<br /> <br /> [ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018<br /> ...<br /> [ 128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge]<br /> [ 128.286600] lr : hclge_ptp_set_tx_info+0x20/0x140 [hclge]<br /> [ 128.292938] sp : ffff800059b93140<br /> [ 128.297200] x29: ffff800059b93140 x28: 0000000000003280<br /> [ 128.303455] x27: ffff800020d48280 x26: ffff0cb9dc814080<br /> [ 128.309715] x25: ffff0cb9cde93fa0 x24: 0000000000000001<br /> [ 128.315969] x23: 0000000000000000 x22: 0000000000000194<br /> [ 128.322219] x21: ffff0cd94f986000 x20: 0000000000000000<br /> [ 128.328462] x19: ffff0cb9d2a166c0 x18: 0000000000000000<br /> [ 128.334698] x17: 0000000000000000 x16: ffffcf1fc523ed24<br /> [ 128.340934] x15: 0000ffffd530a518 x14: 0000000000000000<br /> [ 128.347162] x13: ffff0cd6bdb31310 x12: 0000000000000368<br /> [ 128.353388] x11: ffff0cb9cfbc7070 x10: ffff2cf55dd11e02<br /> [ 128.359606] x9 : ffffcf1f85a212b4 x8 : ffff0cd7cf27dab0<br /> [ 128.365831] x7 : 0000000000000a20 x6 : ffff0cd7cf27d000<br /> [ 128.372040] x5 : 0000000000000000 x4 : 000000000000ffff<br /> [ 128.378243] x3 : 0000000000000400 x2 : ffffcf1f85a21294<br /> [ 128.384437] x1 : ffff0cb9db520080 x0 : ffff0cb9db500080<br /> [ 128.390626] Call trace:<br /> [ 128.393964] hclge_ptp_set_tx_info+0x2c/0x140 [hclge]<br /> [ 128.399893] hns3_nic_net_xmit+0x39c/0x4c4 [hns3]<br /> [ 128.405468] xmit_one.constprop.0+0xc4/0x200<br /> [ 128.410600] dev_hard_start_xmit+0x54/0xf0<br /> [ 128.415556] sch_direct_xmit+0xe8/0x634<br /> [ 128.420246] __dev_queue_xmit+0x224/0xc70<br /> [ 128.425101] dev_queue_xmit+0x1c/0x40<br /> [ 128.429608] ovs_vport_send+0xac/0x1a0 [openvswitch]<br /> [ 128.435409] do_output+0x60/0x17c [openvswitch]<br /> [ 128.440770] do_execute_actions+0x898/0x8c4 [openvswitch]<br /> [ 128.446993] ovs_execute_actions+0x64/0xf0 [openvswitch]<br /> [ 128.453129] ovs_dp_process_packet+0xa0/0x224 [openvswitch]<br /> [ 128.459530] ovs_vport_receive+0x7c/0xfc [openvswitch]<br /> [ 128.465497] internal_dev_xmit+0x34/0xb0 [openvswitch]<br /> [ 128.471460] xmit_one.constprop.0+0xc4/0x200<br /> [ 128.476561] dev_hard_start_xmit+0x54/0xf0<br /> [ 128.481489] __dev_queue_xmit+0x968/0xc70<br /> [ 128.486330] dev_queue_xmit+0x1c/0x40<br /> [ 128.490856] ip_finish_output2+0x250/0x570<br /> [ 128.495810] __ip_finish_output+0x170/0x1e0<br /> [ 128.500832] ip_finish_output+0x3c/0xf0<br /> [ 128.505504] ip_output+0xbc/0x160<br /> [ 128.509654] ip_send_skb+0x58/0xd4<br /> [ 128.513892] udp_send_skb+0x12c/0x354<br /> [ 128.518387] udp_sendmsg+0x7a8/0x9c0<br /> [ 128.522793] inet_sendmsg+0x4c/0x8c<br /> [ 128.527116] __sock_sendmsg+0x48/0x80<br /> [ 128.531609] __sys_sendto+0x124/0x164<br /> [ 128.536099] __arm64_sys_sendto+0x30/0x5c<br /> [ 128.540935] invoke_syscall+0x50/0x130<br /> [ 128.545508] el0_svc_common.constprop.0+0x10c/0x124<br /> [ 128.551205] do_el0_svc+0x34/0xdc<br /> [ 128.555347] el0_svc+0x20/0x30<br /> [ 128.559227] el0_sync_handler+0xb8/0xc0<br /> [ 128.563883] el0_sync+0x160/0x180