CVE-2025-22061

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue()<br /> <br /> Fix the following kernel warning deleting HTB offloaded leafs and/or root<br /> HTB qdisc in airoha_eth driver properly reporting qid in<br /> airoha_tc_get_htb_get_leaf_queue routine.<br /> <br /> $tc qdisc replace dev eth1 root handle 10: htb offload<br /> $tc class add dev eth1 arent 10: classid 10:4 htb rate 100mbit ceil 100mbit<br /> $tc qdisc replace dev eth1 parent 10:4 handle 4: ets bands 8 \<br /> quanta 1514 3028 4542 6056 7570 9084 10598 12112<br /> $tc qdisc del dev eth1 root<br /> <br /> [ 55.827864] ------------[ cut here ]------------<br /> [ 55.832493] WARNING: CPU: 3 PID: 2678 at 0xffffffc0798695a4<br /> [ 55.956510] CPU: 3 PID: 2678 Comm: tc Tainted: G O 6.6.71 #0<br /> [ 55.963557] Hardware name: Airoha AN7581 Evaluation Board (DT)<br /> [ 55.969383] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> [ 55.976344] pc : 0xffffffc0798695a4<br /> [ 55.979851] lr : 0xffffffc079869a20<br /> [ 55.983358] sp : ffffffc0850536a0<br /> [ 55.986665] x29: ffffffc0850536a0 x28: 0000000000000024 x27: 0000000000000001<br /> [ 55.993800] x26: 0000000000000000 x25: ffffff8008b19000 x24: ffffff800222e800<br /> [ 56.000935] x23: 0000000000000001 x22: 0000000000000000 x21: ffffff8008b19000<br /> [ 56.008071] x20: ffffff8002225800 x19: ffffff800379d000 x18: 0000000000000000<br /> [ 56.015206] x17: ffffffbf9ea59000 x16: ffffffc080018000 x15: 0000000000000000<br /> [ 56.022342] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000001<br /> [ 56.029478] x11: ffffffc081471008 x10: ffffffc081575a98 x9 : 0000000000000000<br /> [ 56.036614] x8 : ffffffc08167fd40 x7 : ffffffc08069e104 x6 : ffffff8007f86000<br /> [ 56.043748] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000001<br /> [ 56.050884] x2 : 0000000000000000 x1 : 0000000000000250 x0 : ffffff800222c000<br /> [ 56.058020] Call trace:<br /> [ 56.060459] 0xffffffc0798695a4<br /> [ 56.063618] 0xffffffc079869a20<br /> [ 56.066777] __qdisc_destroy+0x40/0xa0<br /> [ 56.070528] qdisc_put+0x54/0x6c<br /> [ 56.073748] qdisc_graft+0x41c/0x648<br /> [ 56.077324] tc_get_qdisc+0x168/0x2f8<br /> [ 56.080978] rtnetlink_rcv_msg+0x230/0x330<br /> [ 56.085076] netlink_rcv_skb+0x5c/0x128<br /> [ 56.088913] rtnetlink_rcv+0x14/0x1c<br /> [ 56.092490] netlink_unicast+0x1e0/0x2c8<br /> [ 56.096413] netlink_sendmsg+0x198/0x3c8<br /> [ 56.100337] ____sys_sendmsg+0x1c4/0x274<br /> [ 56.104261] ___sys_sendmsg+0x7c/0xc0<br /> [ 56.107924] __sys_sendmsg+0x44/0x98<br /> [ 56.111492] __arm64_sys_sendmsg+0x20/0x28<br /> [ 56.115580] invoke_syscall.constprop.0+0x58/0xfc<br /> [ 56.120285] do_el0_svc+0x3c/0xbc<br /> [ 56.123592] el0_svc+0x18/0x4c<br /> [ 56.126647] el0t_64_sync_handler+0x118/0x124<br /> [ 56.131005] el0t_64_sync+0x150/0x154<br /> [ 56.134660] ---[ end trace 0000000000000000 ]---