CVE-2025-21717: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq

kvzalloc_node is not doing a runtime check on the node argument (__alloc_pages_node_noprof does have a VM_BUG_ON, but it expands to nothing on !CONFIG_DEBUG_VM builds), so doing any ethtool/netlink operation that calls mlx5e_open on a CPU that's larger than MAX_NUMNODES triggers OOB access and panic (see the trace below).

Add missing cpu_to_node call to convert cpu id to node id.

[ 165.427394] mlx5_core 0000:5c:00.0 beth1: Link up
[ 166.479327] BUG: unable to handle page fault for address: 0000000800000010
[ 166.494592] #PF: supervisor read access in kernel mode
[ 166.505995] #PF: error_code(0x0000) - not-present page
...
[ 166.816958] Call Trace:
[ 166.822380] <TASK>
[ 166.827034] ? __die_body+0x64/0xb0
[ 166.834774] ? page_fault_oops+0x2cd/0x3f0
[ 166.843862] ? exc_page_fault+0x63/0x130
[ 166.852564] ? asm_exc_page_fault+0x22/0x30
[ 166.861843] ? __kvmalloc_node_noprof+0x43/0xd0
[ 166.871897] ? get_partial_node+0x1c/0x320
[ 166.880983] ? deactivate_slab+0x269/0x2b0
[ 166.890069] ___slab_alloc+0x521/0xa90
[ 166.898389] ? __kvmalloc_node_noprof+0x43/0xd0
[ 166.908442] __kmalloc_node_noprof+0x216/0x3f0
[ 166.918302] ? __kvmalloc_node_noprof+0x43/0xd0
[ 166.928354] __kvmalloc_node_noprof+0x43/0xd0
[ 166.938021] mlx5e_open_channels+0x5e2/0xc00
[ 166.947496] mlx5e_open_locked+0x3e/0xf0
[ 166.956201] mlx5e_open+0x23/0x50
[ 166.963551] __dev_open+0x114/0x1c0
[ 166.971292] __dev_change_flags+0xa2/0x1b0
[ 166.980378] dev_change_flags+0x21/0x60
[ 166.988887] do_setlink+0x38d/0xf20
[ 166.996628] ? ep_poll_callback+0x1b9/0x240
[ 167.005910] ? __nla_validate_parse.llvm.10713395753544950386+0x80/0xd70
[ 167.020782] ? __wake_up_sync_key+0x52/0x80
[ 167.030066] ? __mutex_lock+0xff/0x550
[ 167.038382] ? security_capable+0x50/0x90
[ 167.047279] rtnl_setlink+0x1c9/0x210
[ 167.055403] ? ep_poll_callback+0x1b9/0x240
[ 167.064684] ? security_capable+0x50/0x90
[ 167.073579] rtnetlink_rcv_msg+0x2f9/0x310
[ 167.082667] ? rtnetlink_bind+0x30/0x30
[ 167.091173] netlink_rcv_skb+0xb1/0xe0
[ 167.099492] netlink_unicast+0x20f/0x2e0
[ 167.108191] netlink_sendmsg+0x389/0x420
[ 167.116896] __sys_sendto+0x158/0x1c0
[ 167.125024] __x64_sys_sendto+0x22/0x30
[ 167.133534] do_syscall_64+0x63/0x130
[ 167.141657] ? __irq_exit_rcu.llvm.17843942359718260576+0x52/0xd0
[ 167.155181] entry_SYSCALL_64_after_hwframe+0x4b/0x53
AI Analysis
Technical Summary
CVE-2025-21717 is a vulnerability in the Linux kernel's Mellanox mlx5 Ethernet driver (mlx5e). In the mlx5e_open_xdpredirect_sq function, the driver passes a CPU ID to kvzalloc_node where a NUMA node ID is expected. kvzalloc_node allocates memory on a specific NUMA node but does not validate its node argument at runtime; a VM_BUG_ON in __alloc_pages_node_noprof would catch a bad value, but it expands to nothing on kernels built without CONFIG_DEBUG_VM. On such non-debug builds, a CPU ID larger than the maximum number of NUMA nodes (MAX_NUMNODES) is used as a node ID and causes an out-of-bounds (OOB) memory access.

The OOB access results in a kernel panic and system crash, as shown by the kernel trace in the description: a page fault under mlx5e_open_channels, reached from a netlink set-link request. Any ethtool or netlink operation that calls mlx5e_open on such a CPU can trigger it, leading to a denial of service (DoS). The root cause is the missing cpu_to_node conversion, which translates a CPU identifier to its corresponding NUMA node identifier before memory allocation; the fix adds that call.

The vulnerability affects Linux kernel versions containing the specified commit hashes. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability impacts system stability and availability but does not appear to allow privilege escalation or code execution directly.
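The CPU-id/node-id confusion described above, as a user-space C model added here for illustration (not kernel or driver code). MAX_NUMNODES, NR_CPUS and the 16-CPUs-per-node topology are constructed values, and alloc_on_node, open_sq_buggy and open_sq_fixed are hypothetical stand-ins for kvzalloc_node and the driver's call site; unlike the real allocator, the model checks the node range, so the out-of-bounds case appears as a return value instead of a fault.

```c
#include <stdio.h>

#define MAX_NUMNODES 4   /* constructed; the kernel derives it from CONFIG_NODES_SHIFT */
#define NR_CPUS 64       /* constructed CPU count */
#define NUMA_NO_NODE (-1)

static unsigned long node_allocs[MAX_NUMNODES]; /* stands in for per-node allocator state */

/* Constructed topology: CPUs 0-15 on node 0, 16-31 on node 1, and so on. */
static int cpu_to_node(int cpu) { return cpu / (NR_CPUS / MAX_NUMNODES); }

/* Model of a node-aware allocator WITH the range check the description says
 * kvzalloc_node lacks. Returns the node charged, or -1 where the real kernel
 * would index past its per-node state. */
static int alloc_on_node(int node)
{
    if (node == NUMA_NO_NODE)
        node = 0;                       /* "any node": the model picks node 0 */
    if (node < 0 || node >= MAX_NUMNODES)
        return -1;
    node_allocs[node]++;
    return node;
}

/* Pre-fix pattern (hypothetical name): a CPU id is passed where a node id is expected. */
static int open_sq_buggy(int cpu) { return alloc_on_node(cpu); }

/* Post-fix pattern (hypothetical name): convert the CPU id to its node first. */
static int open_sq_fixed(int cpu) { return alloc_on_node(cpu_to_node(cpu)); }

/* Number of CPUs for which open_fn passes an out-of-range node. */
static int count_oob(int (*open_fn)(int))
{
    int cpu, bad = 0;
    for (cpu = 0; cpu < NR_CPUS; cpu++)
        if (open_fn(cpu) < 0)
            bad++;
    return bad;
}

int main(void)
{
    printf("buggy: %d of %d CPUs out of range\n", count_oob(open_sq_buggy), NR_CPUS);
    printf("fixed: %d of %d CPUs out of range\n", count_oob(open_sq_fixed), NR_CPUS);
    printf("cpu 3 -> buggy node %d, correct node %d\n", open_sq_buggy(3), open_sq_fixed(3));
    return 0;
}
```

In the buggy form, CPUs below MAX_NUMNODES do not fault; they are silently treated as node ids, so the allocation lands on the wrong node.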
Potential Impact
For European organizations relying on Linux servers with Mellanox mlx5 network adapters, this vulnerability poses a risk of denial of service due to kernel panics triggered by certain network management operations. This can disrupt critical network services, especially in data centers, cloud infrastructure, and high-performance computing environments where Mellanox hardware is prevalent. The impact is primarily on availability, potentially causing unexpected system reboots and service interruptions. Organizations with NUMA architectures and multi-CPU systems are more susceptible, as the vulnerability is triggered by CPU IDs exceeding the maximum NUMA nodes. While no direct confidentiality or integrity compromise is indicated, the operational disruption could affect business continuity, service level agreements, and incident response efforts. Given the widespread use of Linux in European enterprise and public sector infrastructure, unpatched systems could face increased downtime and operational risk until remediation is applied.
Mitigation Recommendations
1. Apply the official Linux kernel patch that adds the missing cpu_to_node conversion in the mlx5e driver, so that kvzalloc_node receives a NUMA node ID rather than a CPU ID.
2. Upgrade to the latest stable Linux kernel version that includes this fix as soon as it becomes available from your Linux distribution vendor.
3. In environments where immediate patching is not feasible, restrict or carefully control the use of ethtool and netlink operations that could trigger mlx5e_open calls, especially on systems with Mellanox mlx5 hardware.
4. Monitor kernel logs for signs of page faults or kernel panics related to mlx5e to detect potential triggering of this vulnerability.
5. Conduct thorough testing of network management scripts and automation tools that interact with Mellanox network interfaces to avoid inadvertent triggering of the vulnerability.
6. Coordinate with hardware and software vendors to ensure firmware and driver compatibility with patched kernels.
7. Implement robust system monitoring and automated recovery mechanisms to minimize downtime in case of unexpected kernel panics.
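One way to implement the log check in recommendation 4, as an added example (not part of the advisory or of any kernel tooling). It flags a page-fault oops only when the reliable stack frames, those not prefixed with "?", include both __kvmalloc_node_noprof and an mlx5e_open* function, as in the trace quoted in the description; the name match_mlx5e_node_oops and the abridged sample log are constructed, and symbol names on other kernel builds may differ.

```c
#include <stdio.h>
#include <string.h>

#define STARTS(p, lit) (strncmp((p), (lit), sizeof(lit) - 1) == 0)

/* Constructed sample: lines abridged from the trace in the description. */
static const char SAMPLE_OOPS[] =
    "[ 166.479327] BUG: unable to handle page fault for address: 0000000800000010\n"
    "[ 166.816958] Call Trace:\n"
    "[ 166.918302] ? __kvmalloc_node_noprof+0x43/0xd0\n"
    "[ 166.928354] __kvmalloc_node_noprof+0x43/0xd0\n"
    "[ 166.938021] mlx5e_open_channels+0x5e2/0xc00\n";

/* Text after the "[timestamp]" prefix, with leading spaces skipped. */
static const char *payload(const char *line)
{
    const char *p = strchr(line, ']');
    p = p ? p + 1 : line;
    while (*p == ' ')
        p++;
    return p;
}

/* Returns 1 if log holds a page-fault oops whose reliable frames include
 * the node allocator and an mlx5e_open* function, else 0. */
static int match_mlx5e_node_oops(const char *log)
{
    int in_oops = 0, saw_alloc = 0, saw_open = 0;
    char line[256];
    while (*log) {
        size_t n = strcspn(log, "\n");
        size_t c = n < sizeof(line) - 1 ? n : sizeof(line) - 1;
        const char *p;
        memcpy(line, log, c);
        line[c] = '\0';
        log += n + (log[n] == '\n');
        p = payload(line);
        if (strstr(p, "BUG: unable to handle page fault")) {
            in_oops = 1;                     /* new oops: reset frame state */
            saw_alloc = saw_open = 0;
        } else if (in_oops && *p != '?') {   /* "?" marks unreliable frames */
            saw_alloc |= STARTS(p, "__kvmalloc_node_noprof+");
            saw_open |= STARTS(p, "mlx5e_open");
        }
        if (saw_alloc && saw_open)
            return 1;
    }
    return 0;
}

int main(void) { printf("match: %d\n", match_mlx5e_node_oops(SAMPLE_OOPS)); return 0; }
```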
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.753Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9832c4522896dcbe85a3
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 6/30/2025, 8:26:39 AM
Last updated: 8/12/2025, 4:25:58 PM