CVE-2025-21649: Vulnerability in Linux Linux

High
Published: Sun Jan 19 2025 (01/19/2025, 10:18:06 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix kernel crash when 1588 is sent on HIP08 devices

Currently, HIP08 devices do not register the ptp devices, so the hdev->ptp is NULL. But the tx process would still try to set hardware time stamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash.

[ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018
...
[ 128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge]
[ 128.286600] lr : hclge_ptp_set_tx_info+0x20/0x140 [hclge]
[ 128.292938] sp : ffff800059b93140
[ 128.297200] x29: ffff800059b93140 x28: 0000000000003280
[ 128.303455] x27: ffff800020d48280 x26: ffff0cb9dc814080
[ 128.309715] x25: ffff0cb9cde93fa0 x24: 0000000000000001
[ 128.315969] x23: 0000000000000000 x22: 0000000000000194
[ 128.322219] x21: ffff0cd94f986000 x20: 0000000000000000
[ 128.328462] x19: ffff0cb9d2a166c0 x18: 0000000000000000
[ 128.334698] x17: 0000000000000000 x16: ffffcf1fc523ed24
[ 128.340934] x15: 0000ffffd530a518 x14: 0000000000000000
[ 128.347162] x13: ffff0cd6bdb31310 x12: 0000000000000368
[ 128.353388] x11: ffff0cb9cfbc7070 x10: ffff2cf55dd11e02
[ 128.359606] x9 : ffffcf1f85a212b4 x8 : ffff0cd7cf27dab0
[ 128.365831] x7 : 0000000000000a20 x6 : ffff0cd7cf27d000
[ 128.372040] x5 : 0000000000000000 x4 : 000000000000ffff
[ 128.378243] x3 : 0000000000000400 x2 : ffffcf1f85a21294
[ 128.384437] x1 : ffff0cb9db520080 x0 : ffff0cb9db500080
[ 128.390626] Call trace:
[ 128.393964] hclge_ptp_set_tx_info+0x2c/0x140 [hclge]
[ 128.399893] hns3_nic_net_xmit+0x39c/0x4c4 [hns3]
[ 128.405468] xmit_one.constprop.0+0xc4/0x200
[ 128.410600] dev_hard_start_xmit+0x54/0xf0
[ 128.415556] sch_direct_xmit+0xe8/0x634
[ 128.420246] __dev_queue_xmit+0x224/0xc70
[ 128.425101] dev_queue_xmit+0x1c/0x40
[ 128.429608] ovs_vport_send+0xac/0x1a0 [openvswitch]
[ 128.435409] do_output+0x60/0x17c [openvswitch]
[ 128.440770] do_execute_actions+0x898/0x8c4 [openvswitch]
[ 128.446993] ovs_execute_actions+0x64/0xf0 [openvswitch]
[ 128.453129] ovs_dp_process_packet+0xa0/0x224 [openvswitch]
[ 128.459530] ovs_vport_receive+0x7c/0xfc [openvswitch]
[ 128.465497] internal_dev_xmit+0x34/0xb0 [openvswitch]
[ 128.471460] xmit_one.constprop.0+0xc4/0x200
[ 128.476561] dev_hard_start_xmit+0x54/0xf0
[ 128.481489] __dev_queue_xmit+0x968/0xc70
[ 128.486330] dev_queue_xmit+0x1c/0x40
[ 128.490856] ip_finish_output2+0x250/0x570
[ 128.495810] __ip_finish_output+0x170/0x1e0
[ 128.500832] ip_finish_output+0x3c/0xf0
[ 128.505504] ip_output+0xbc/0x160
[ 128.509654] ip_send_skb+0x58/0xd4
[ 128.513892] udp_send_skb+0x12c/0x354
[ 128.518387] udp_sendmsg+0x7a8/0x9c0
[ 128.522793] inet_sendmsg+0x4c/0x8c
[ 128.527116] __sock_sendmsg+0x48/0x80
[ 128.531609] __sys_sendto+0x124/0x164
[ 128.536099] __arm64_sys_sendto+0x30/0x5c
[ 128.540935] invoke_syscall+0x50/0x130
[ 128.545508] el0_svc_common.constprop.0+0x10c/0x124
[ 128.551205] do_el0_svc+0x34/0xdc
[ 128.555347] el0_svc+0x20/0x30
[ 128.559227] el0_sync_handler+0xb8/0xc0
[ 128.563883] el0_sync+0x160/0x180

AI-Powered Analysis

Last updated: 06/30/2025, 16:27:17 UTC

Technical Analysis

CVE-2025-21649 is a vulnerability in the Linux kernel that affects the hns3 network driver used for HIP08 devices. The root cause is that HIP08 devices do not register Precision Time Protocol (PTP) devices, so the hdev->ptp pointer is NULL. Despite this, the transmit (tx) process still attempts to set hardware timestamp information for packets carrying the SKBTX_HW_TSTAMP flag. The kernel then dereferences the NULL ptp device pointer and crashes. The crash occurs in the function hclge_ptp_set_tx_info within the hclge module, as shown by the kernel stack trace in the description.

The vulnerability manifests as a denial of service (DoS) condition due to the kernel panic triggered by the NULL pointer dereference. The issue arises during packet transmission, involving the network stack and Open vSwitch components, which are commonly used in virtualized and cloud environments. It is classified as a kernel-level bug that can cause system instability and crashes when certain network packets with 1588 timestamps are sent on affected hardware. This flaw is particularly relevant for systems using HIP08 network interface cards (NICs) with the hns3 driver, which are often found in data center and enterprise networking equipment.

The vulnerability affects Linux kernel versions containing the specified commit hash (0bf5eb788512187b744ef7f79de835e6cbe85b9c). No CVSS score has been assigned yet, and there are no known exploits in the wild at the time of publication. The vulnerability was publicly disclosed on January 19, 2025.
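The failure mode described above, reduced to a user-space C model (an added example, not the hns3 driver's code and not the upstream patch). It places the unguarded timestamp setup beside a guarded form that lets the packet go out without a hardware timestamp; every `model_*` name and `MODEL_*` flag value is a hypothetical stand-in for the kernel structures named in the description.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for this model, not the kernel's definitions. */
#define MODEL_SKB_HW_TSTAMP   0x1u  /* plays the role of SKBTX_HW_TSTAMP */
#define MODEL_SKB_IN_PROGRESS 0x2u  /* hardware will timestamp this packet */
#define MODEL_PTP_TX_EN       0x1ul /* tx timestamping enabled on the device */

struct model_ptp { unsigned long flags; unsigned long tx_requests; };
struct model_dev { struct model_ptp *ptp; }; /* NULL: no PTP device registered */
struct model_skb { unsigned int tx_flags; };

/* Before: assumes hdev->ptp is always valid. With ptp == NULL the read of
 * ptp->flags is the NULL pointer dereference. Kept for comparison, never called. */
bool set_tx_info_unguarded(struct model_dev *hdev, struct model_skb *skb)
{
    struct model_ptp *ptp = hdev->ptp;
    if (!(ptp->flags & MODEL_PTP_TX_EN))
        return false;
    skb->tx_flags |= MODEL_SKB_IN_PROGRESS;
    ptp->tx_requests++;
    return true;
}

/* After: a device without PTP state declines the timestamp request. */
bool set_tx_info_guarded(struct model_dev *hdev, struct model_skb *skb)
{
    struct model_ptp *ptp = hdev->ptp;
    if (!ptp || !(ptp->flags & MODEL_PTP_TX_EN))
        return false;
    skb->tx_flags |= MODEL_SKB_IN_PROGRESS;
    ptp->tx_requests++;
    return true;
}

/* Transmit path: only packets that ask for a hardware timestamp reach the PTP
 * code. Returns 1 if a timestamp was armed, 0 if the packet goes out without. */
int model_xmit(struct model_dev *hdev, struct model_skb *skb)
{
    return (skb->tx_flags & MODEL_SKB_HW_TSTAMP) && set_tx_info_guarded(hdev, skb);
}

int main(void)
{
    struct model_dev hip08 = { .ptp = NULL };
    struct model_skb skb = { .tx_flags = MODEL_SKB_HW_TSTAMP };
    printf("timestamp armed on device without PTP: %d\n", model_xmit(&hip08, &skb));
    return 0;
}
```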

Potential Impact

For European organizations, the impact of CVE-2025-21649 can be significant, especially for those relying on Linux-based servers and infrastructure that utilize HIP08 NICs with the hns3 driver. The vulnerability can cause kernel crashes leading to denial of service, which disrupts network communications and potentially critical services. Organizations operating cloud environments, virtualized data centers, or network appliances using Open vSwitch in combination with affected hardware are at higher risk. The resulting downtime could affect business continuity, service availability, and operational efficiency. Additionally, repeated crashes might lead to data loss or corruption if systems are not properly hardened or if failover mechanisms are insufficient. While this vulnerability does not appear to allow privilege escalation or remote code execution directly, the denial of service impact on critical infrastructure components can have cascading effects on confidentiality and integrity indirectly by disrupting security monitoring and incident response capabilities. European sectors such as finance, telecommunications, healthcare, and government, which depend heavily on stable and secure network infrastructure, could face operational and reputational damage if exploited.

Mitigation Recommendations

To mitigate CVE-2025-21649, European organizations should take the following specific actions:

1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available, ensuring that the hns3 driver and related modules are updated.
2) Identify and inventory all systems using HIP08 devices with the hns3 driver to prioritize patch deployment.
3) If immediate patching is not feasible, consider disabling hardware timestamping features or the use of PTP on affected devices as a temporary workaround to prevent triggering the NULL pointer dereference.
4) Monitor kernel logs and system stability metrics for signs of crashes related to this vulnerability, especially on network-intensive systems.
5) Implement robust network segmentation and access controls to limit exposure of vulnerable systems to untrusted networks or users who might send malformed 1588 timestamped packets.
6) Use kernel crash dump and analysis tools to quickly diagnose and recover from any incidents caused by this vulnerability.
7) Coordinate with hardware vendors and Linux distribution maintainers to receive timely updates and guidance.
8) For environments using Open vSwitch, ensure it is updated to versions compatible with patched kernels to avoid secondary issues during packet processing.
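For the log-monitoring step, the check below counts oops reports whose faulting `pc` lies in hclge_ptp_set_tx_info, the signature shown in the description. It is an added example, not part of the advisory or any vendor tool; `SAMPLE_LOG` is constructed from lines quoted above plus one unrelated report with a hypothetical function name, and the matcher assumes the arm64 `pc : ` line format seen in that trace.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: three lines quoted in the advisory, then an unrelated
 * oops (hypothetical function and module names) that must not be counted. */
static const char SAMPLE_LOG[] =
    "[ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n"
    "[ 128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge]\n"
    "[ 128.399893] hns3_nic_net_xmit+0x39c/0x4c4 [hns3]\n"
    "[ 900.000001] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040\n"
    "[ 900.000002] pc : example_other_func+0x10/0x80 [example]\n";

/* Count NULL-dereference reports whose pc is inside hclge_ptp_set_tx_info. */
int count_hclge_ptp_oops(const char *log)
{
    bool in_null_oops = false;
    int hits = 0;

    while (*log) {
        size_t len = strcspn(log, "\n");
        char line[512];
        size_t n = len < sizeof(line) - 1 ? len : sizeof(line) - 1;

        memcpy(line, log, n);              /* bounded copy of one log line */
        line[n] = '\0';
        if (strstr(line, "Unable to handle kernel NULL pointer dereference")) {
            in_null_oops = true;           /* header of a new report */
        } else if (in_null_oops && strstr(line, "pc : ")) {
            if (strstr(line, "pc : hclge_ptp_set_tx_info+"))
                hits++;
            in_null_oops = false;          /* one pc line per report */
        }
        log += len;
        if (*log == '\n')
            log++;
    }
    return hits;
}

int main(void)
{
    printf("matching oops reports: %d\n", count_hclge_ptp_oops(SAMPLE_LOG));
    return 0;
}
```

A `pc` line with no preceding NULL-dereference header is ignored, so call-trace fragments quoted elsewhere in a log do not raise the count.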

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.728Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9834c4522896dcbe9730

Added to database: 5/21/2025, 9:09:08 AM

Last enriched: 6/30/2025, 4:27:17 PM

Last updated: 8/1/2025, 12:18:17 AM
