CVE-2025-21717

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq<br /> <br /> kvzalloc_node is not doing a runtime check on the node argument<br /> (__alloc_pages_node_noprof does have a VM_BUG_ON, but it expands to<br /> nothing on !CONFIG_DEBUG_VM builds), so doing any ethtool/netlink<br /> operation that calls mlx5e_open on a CPU that&amp;#39;s larger that MAX_NUMNODES<br /> triggers OOB access and panic (see the trace below).<br /> <br /> Add missing cpu_to_node call to convert cpu id to node id.<br /> <br /> [ 165.427394] mlx5_core 0000:5c:00.0 beth1: Link up<br /> [ 166.479327] BUG: unable to handle page fault for address: 0000000800000010<br /> [ 166.494592] #PF: supervisor read access in kernel mode<br /> [ 166.505995] #PF: error_code(0x0000) - not-present page<br /> ...<br /> [ 166.816958] Call Trace:<br /> [ 166.822380] <br /> [ 166.827034] ? __die_body+0x64/0xb0<br /> [ 166.834774] ? page_fault_oops+0x2cd/0x3f0<br /> [ 166.843862] ? exc_page_fault+0x63/0x130<br /> [ 166.852564] ? asm_exc_page_fault+0x22/0x30<br /> [ 166.861843] ? __kvmalloc_node_noprof+0x43/0xd0<br /> [ 166.871897] ? get_partial_node+0x1c/0x320<br /> [ 166.880983] ? deactivate_slab+0x269/0x2b0<br /> [ 166.890069] ___slab_alloc+0x521/0xa90<br /> [ 166.898389] ? __kvmalloc_node_noprof+0x43/0xd0<br /> [ 166.908442] __kmalloc_node_noprof+0x216/0x3f0<br /> [ 166.918302] ? __kvmalloc_node_noprof+0x43/0xd0<br /> [ 166.928354] __kvmalloc_node_noprof+0x43/0xd0<br /> [ 166.938021] mlx5e_open_channels+0x5e2/0xc00<br /> [ 166.947496] mlx5e_open_locked+0x3e/0xf0<br /> [ 166.956201] mlx5e_open+0x23/0x50<br /> [ 166.963551] __dev_open+0x114/0x1c0<br /> [ 166.971292] __dev_change_flags+0xa2/0x1b0<br /> [ 166.980378] dev_change_flags+0x21/0x60<br /> [ 166.988887] do_setlink+0x38d/0xf20<br /> [ 166.996628] ? ep_poll_callback+0x1b9/0x240<br /> [ 167.005910] ? __nla_validate_parse.llvm.10713395753544950386+0x80/0xd70<br /> [ 167.020782] ? __wake_up_sync_key+0x52/0x80<br /> [ 167.030066] ? __mutex_lock+0xff/0x550<br /> [ 167.038382] ? security_capable+0x50/0x90<br /> [ 167.047279] rtnl_setlink+0x1c9/0x210<br /> [ 167.055403] ? ep_poll_callback+0x1b9/0x240<br /> [ 167.064684] ? security_capable+0x50/0x90<br /> [ 167.073579] rtnetlink_rcv_msg+0x2f9/0x310<br /> [ 167.082667] ? rtnetlink_bind+0x30/0x30<br /> [ 167.091173] netlink_rcv_skb+0xb1/0xe0<br /> [ 167.099492] netlink_unicast+0x20f/0x2e0<br /> [ 167.108191] netlink_sendmsg+0x389/0x420<br /> [ 167.116896] __sys_sendto+0x158/0x1c0<br /> [ 167.125024] __x64_sys_sendto+0x22/0x30<br /> [ 167.133534] do_syscall_64+0x63/0x130<br /> [ 167.141657] ? __irq_exit_rcu.llvm.17843942359718260576+0x52/0xd0<br /> [ 167.155181] entry_SYSCALL_64_after_hwframe+0x4b/0x53