CVE-2025-22105

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 16/04/2025
Last modified: 06/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bonding: check xdp prog when set bond mode

The following operations can trigger a warning[1]:

  ip netns add ns1
  ip netns exec ns1 ip link add bond0 type bond mode balance-rr
  ip netns exec ns1 ip link set dev bond0 xdp obj af_xdp_kern.o sec xdp
  ip netns exec ns1 ip link set bond0 type bond mode broadcast
  ip netns del ns1

When deleting the namespace, dev_xdp_uninstall() is called to remove the xdp
program on the bond dev, and bond_xdp_set() will check the bond mode. If the bond
mode is changed after attaching an xdp program, the warning may occur.

Some bond modes (broadcast, etc.) do not support native xdp. Setting the bond mode
with an xdp program attached is not good. Add a check for an xdp program when setting
the bond mode.

[1]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 11 at net/core/dev.c:9912 unregister_netdevice_many_notify+0x8d9/0x930
Modules linked in:
CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.14.0-rc4 #107
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
Workqueue: netns cleanup_net
RIP: 0010:unregister_netdevice_many_notify+0x8d9/0x930
Code: 00 00 48 c7 c6 6f e3 a2 82 48 c7 c7 d0 b3 96 82 e8 9c 10 3e ...
RSP: 0018:ffffc90000063d80 EFLAGS: 00000282
RAX: 00000000ffffffa1 RBX: ffff888004959000 RCX: 00000000ffffdfff
RDX: 0000000000000000 RSI: 00000000ffffffea RDI: ffffc90000063b48
RBP: ffffc90000063e28 R08: ffffffff82d39b28 R09: 0000000000009ffb
R10: 0000000000000175 R11: ffffffff82d09b40 R12: ffff8880049598e8
R13: 0000000000000001 R14: dead000000000100 R15: ffffc90000045000
FS: 0000000000000000(0000) GS:ffff888007a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000d406b60 CR3: 000000000483e000 CR4: 00000000000006f0
Call Trace:
? __warn+0x83/0x130
? unregister_netdevice_many_notify+0x8d9/0x930
? report_bug+0x18e/0x1a0
? handle_bug+0x54/0x90
? exc_invalid_op+0x18/0x70
? asm_exc_invalid_op+0x1a/0x20
? unregister_netdevice_many_notify+0x8d9/0x930
? bond_net_exit_batch_rtnl+0x5c/0x90
cleanup_net+0x237/0x3d0
process_one_work+0x163/0x390
worker_thread+0x293/0x3b0
? __pfx_worker_thread+0x10/0x10
kthread+0xec/0x1e0
? __pfx_kthread+0x10/0x10
? __pfx_kthread+0x10/0x10
ret_from_fork+0x2f/0x50
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1a/0x30
---[ end trace 0000000000000000 ]---
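
Added example, not part of the CVE record or the kernel patch: a host audit that flags bond devices still carrying an XDP program while in a mode that cannot run it, the inconsistent state the description says precedes the warning. Assumptions: the JSON field names follow `ip -j -d link show` output, the list of XDP-capable modes comes from the upstream bond_xdp_check() logic rather than from this page, and the sample input is constructed.

```python
import json

# Assumption (not stated on this page): upstream bond_xdp_check() accepts
# native XDP in these modes only; 802.3ad and balance-xor are accepted unless
# the transmit hash policy is vlan+srcmac.
XDP_OK_ALWAYS = {"balance-rr", "active-backup"}
XDP_OK_UNLESS_VLAN_SRCMAC = {"802.3ad", "balance-xor"}


def mode_supports_xdp(mode, xmit_hash_policy):
    """Return True if a bond in this mode can run a native XDP program."""
    if mode in XDP_OK_ALWAYS:
        return True
    if mode in XDP_OK_UNLESS_VLAN_SRCMAC:
        return xmit_hash_policy != "vlan+srcmac"
    return False  # broadcast, balance-tlb, balance-alb, unknown or missing


def find_inconsistent_bonds(ip_json):
    """Names of bonds that have XDP attached but are in a non-XDP mode."""
    flagged = []
    for link in json.loads(ip_json):
        info = link.get("linkinfo", {})
        if info.get("info_kind") != "bond" or "xdp" not in link:
            continue  # not a bond, or no XDP program attached
        data = info.get("info_data", {})
        if not mode_supports_xdp(data.get("mode"), data.get("xmit_hash_policy")):
            flagged.append(link["ifname"])
    return flagged


# Constructed sample shaped like `ip -j -d link show` output (assumed layout).
SAMPLE = json.dumps([
    {"ifname": "eth0"},
    {"ifname": "bond0", "xdp": {"mode": 1, "prog": {"id": 7}},
     "linkinfo": {"info_kind": "bond",
                  "info_data": {"mode": "broadcast", "xmit_hash_policy": "layer2"}}},
    {"ifname": "bond1", "xdp": {"mode": 1, "prog": {"id": 8}},
     "linkinfo": {"info_kind": "bond",
                  "info_data": {"mode": "balance-rr", "xmit_hash_policy": "layer2"}}},
    {"ifname": "bond2", "xdp": {"mode": 1, "prog": {"id": 9}},
     "linkinfo": {"info_kind": "bond",
                  "info_data": {"mode": "802.3ad", "xmit_hash_policy": "vlan+srcmac"}}},
    {"ifname": "bond3",
     "linkinfo": {"info_kind": "bond", "info_data": {"mode": "broadcast"}}},
])

if __name__ == "__main__":
    for name in find_inconsistent_bonds(SAMPLE):
        print(f"{name}: XDP program attached in a bond mode without native XDP support")
```

On a live host the function would take the output of `ip -j -d link show` in place of SAMPLE; a flagged device on a kernel inside the affected ranges is in the state that precedes the warning at teardown.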

Vulnerable products and versions

CPE                                              From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     5.15 (including)   6.12.57 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.14 (including)   6.14.2 (excluding)