CVE-2025-21650

Severity CVSS v4.0:
Pending analysis
Type:
CWE-787 Out-of-bounds Write
Publication date:
19/01/2025
Last modified:
01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue

The TQP BAR space is divided into two segments. TQPs 0-1023 and TQPs 1024-1279 are in different BAR space addresses. However, hclge_fetch_pf_reg does not distinguish the tqp space information when reading the tqp space information. When the number of TQPs is greater than 1024, access bar space overwriting occurs.

The problem of different segments has been considered during the initialization of tqp.io_base. Therefore, tqp.io_base is directly used when the queue is read in hclge_fetch_pf_reg.

The error message:

Unable to handle kernel paging request at virtual address ffff800037200000
pc : hclge_fetch_pf_reg+0x138/0x250 [hclge]
lr : hclge_get_regs+0x84/0x1d0 [hclge]
Call trace:
hclge_fetch_pf_reg+0x138/0x250 [hclge]
hclge_get_regs+0x84/0x1d0 [hclge]
hns3_get_regs+0x2c/0x50 [hns3]
ethtool_get_regs+0xf4/0x270
dev_ethtool+0x674/0x8a0
dev_ioctl+0x270/0x36c
sock_do_ioctl+0x110/0x2a0
sock_ioctl+0x2ac/0x530
__arm64_sys_ioctl+0xa8/0x100
invoke_syscall+0x4c/0x124
el0_svc_common.constprop.0+0x140/0x15c
do_el0_svc+0x30/0xd0
el0_svc+0x1c/0x2c
el0_sync_handler+0xb0/0xb4
el0_sync+0x168/0x180
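
The following user-space model is an added example, not code from the kernel or the hns3 driver. It contrasts a single linear offset formula with the segment-aware calculation the description attributes to the tqp.io_base initialization. Only the 1024 split and the 1280 queue total come from this advisory; every offset, size and function name is constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Only the 1024 split and the 1280 queue total come from the advisory.
 * All offsets and sizes below are constructed for this model. */
#define SEG0_TQPS    1024u     /* TQPs 0-1023: first BAR segment */
#define TOTAL_TQPS   1280u     /* TQPs 1024-1279: second segment */
#define TQP_REG_SIZE 0x200u    /* assumed per-queue register window */
#define SEG0_BASE    0x80000u  /* assumed start of first segment */
#define SEG1_BASE    0x20000u  /* assumed start of second segment */
#define BAR_LEN      0x100000u /* assumed length of the mapped BAR */

/* Pre-fix pattern: one linear formula for every queue index. */
size_t flat_offset(unsigned tqp)
{
    return SEG0_BASE + (size_t)tqp * TQP_REG_SIZE;
}

/* Segment-aware pattern, as done when tqp.io_base is initialized. */
size_t segmented_offset(unsigned tqp)
{
    if (tqp < SEG0_TQPS)
        return SEG0_BASE + (size_t)tqp * TQP_REG_SIZE;
    return SEG1_BASE + (size_t)(tqp - SEG0_TQPS) * TQP_REG_SIZE;
}

/* A queue's whole register window must lie inside the mapping. */
int in_bar(size_t off)
{
    return off <= BAR_LEN - TQP_REG_SIZE;
}

/* Count queues whose register window would fall outside the BAR. */
unsigned count_oob(size_t (*offset_of)(unsigned), unsigned num_tqps)
{
    unsigned i, bad = 0;

    for (i = 0; i < num_tqps; i++)
        if (!in_bar(offset_of(i)))
            bad++;
    return bad;
}

int main(void)
{
    printf("flat, 1024 queues: %u out of bounds\n", count_oob(flat_offset, SEG0_TQPS));
    printf("flat, 1280 queues: %u out of bounds\n", count_oob(flat_offset, TOTAL_TQPS));
    printf("segmented, 1280 queues: %u out of bounds\n", count_oob(segmented_offset, TOTAL_TQPS));
    return 0;
}
```

In this model the linear formula stays in bounds up to 1024 queues and leaves the mapping for every queue above that, which matches the condition the description gives for the fault.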

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.4.16 (including) 6.5 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.5.3 (including) 6.12.10 (excluding)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*