CVE-2025-23155
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
17/03/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: stmmac: Fix accessing freed irq affinity_hint<br />
<br />
In stmmac_request_irq_multi_msi(), a pointer to the stack variable<br />
cpu_mask is passed to irq_set_affinity_hint(). This value is stored in<br />
irq_desc->affinity_hint, but once stmmac_request_irq_multi_msi()<br />
returns, the pointer becomes dangling.<br />
<br />
The affinity_hint is exposed via procfs with S_IRUGO permissions,<br />
allowing any unprivileged process to read it. Accessing this stale<br />
pointer can lead to:<br />
<br />
- a kernel oops or panic if the referenced memory has been released and<br />
unmapped, or<br />
- leakage of kernel data into userspace if the memory is re-used for<br />
other purposes.<br />
<br />
All platforms that use stmmac with PCI MSI (Intel, Loongson, etc) are<br />
affected.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.13 (including) | 6.12.36 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14 (including) | 6.14.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/2fbf67ddb8a0d0efc00d2df496a9843ec318d48b
- https://git.kernel.org/stable/c/442312c2a90d60c7a5197246583fa91d9e579985
- https://git.kernel.org/stable/c/960dab23f6d405740c537d095f90a4ee9ddd9285
- https://git.kernel.org/stable/c/9e51a6a44e2c4de780a26e8fe110d708e806a8cd
- https://git.kernel.org/stable/c/c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef
- https://git.kernel.org/stable/c/e148266e104fce396ad624079a6812ac3a9982ef