
CVE-2025-21974: Vulnerability in Linux Linux

High
Published: Tue Apr 01 2025 (04/01/2025, 15:47:06 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc()

The bnxt_queue_mem_alloc() is called to allocate new queue memory when a queue is restarted. It internally accesses rx buffer descriptor corresponding to the index. The rx buffer descriptor is allocated and set when the interface is up and it's freed when the interface is down. So, if queue is restarted if interface is down, kernel panic occurs.

Splat looks like:

 BUG: unable to handle page fault for address: 000000000000b240
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0
 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
 CPU: 3 UID: 0 PID: 1563 Comm: ncdevmem2 Not tainted 6.14.0-rc2+ #9 844ddba6e7c459cafd0bf4db9a3198e
 Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021
 RIP: 0010:bnxt_queue_mem_alloc+0x3f/0x4e0 [bnxt_en]
 Code: 41 54 4d 89 c4 4d 69 c0 c0 05 00 00 55 48 89 f5 53 48 89 fb 4c 8d b5 40 05 00 00 48 83 ec 15
 RSP: 0018:ffff9dcc83fef9e8 EFLAGS: 00010202
 RAX: ffffffffc0457720 RBX: ffff934ed8d40000 RCX: 0000000000000000
 RDX: 000000000000001f RSI: ffff934ea508f800 RDI: ffff934ea508f808
 RBP: ffff934ea508f800 R08: 000000000000b240 R09: ffff934e84f4b000
 R10: ffff9dcc83fefa30 R11: ffff934e84f4b000 R12: 000000000000001f
 R13: ffff934ed8d40ac0 R14: ffff934ea508fd40 R15: ffff934e84f4b000
 FS: 00007fa73888c740(0000) GS:ffff93559f780000(0000) knlGS:0000000000000000
 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 000000000000b240 CR3: 0000000145a2e000 CR4: 00000000007506f0
 PKRU: 55555554
 Call Trace:
  <TASK>
  ? __die+0x20/0x70
  ? page_fault_oops+0x15a/0x460
  ? exc_page_fault+0x6e/0x180
  ? asm_exc_page_fault+0x22/0x30
  ? __pfx_bnxt_queue_mem_alloc+0x10/0x10 [bnxt_en 7f85e76f4d724ba07471d7e39d9e773aea6597b7]
  ? bnxt_queue_mem_alloc+0x3f/0x4e0 [bnxt_en 7f85e76f4d724ba07471d7e39d9e773aea6597b7]
  netdev_rx_queue_restart+0xc5/0x240
  net_devmem_bind_dmabuf_to_queue+0xf8/0x200
  netdev_nl_bind_rx_doit+0x3a7/0x450
  genl_family_rcv_msg_doit+0xd9/0x130
  genl_rcv_msg+0x184/0x2b0
  ? __pfx_netdev_nl_bind_rx_doit+0x10/0x10
  ? __pfx_genl_rcv_msg+0x10/0x10
  netlink_rcv_skb+0x54/0x100
  genl_rcv+0x24/0x40
  ...

AI-Powered Analysis

Last updated: 06/30/2025, 11:26:09 UTC

Technical Analysis

CVE-2025-21974 is a vulnerability identified in the Linux kernel's Broadcom NetXtreme (bnxt) network driver, specifically within the function bnxt_queue_mem_alloc(). This function is responsible for allocating new queue memory when a network queue is restarted. The vulnerability arises because bnxt_queue_mem_alloc() accesses the receive (rx) buffer descriptor corresponding to a queue index without verifying whether the network interface is up. The rx buffer descriptor is allocated and initialized only when the interface is up and is freed when the interface is down. If the queue restart is triggered while the interface is down, the function attempts to access freed or uninitialized memory, leading to a kernel panic due to a page fault. The panic manifests as a supervisor read access fault in kernel mode, causing the system to crash (kernel oops). This vulnerability can be triggered by restarting the network queue when the interface is down, which may occur during network reconfiguration or driver operations. The kernel panic results in a denial of service (DoS) condition, as the affected system becomes unstable or unresponsive. The vulnerability affects Linux kernel versions containing the bnxt driver implementation prior to the patch that adds a check to return failure if the interface is down during bnxt_queue_mem_alloc(). No known exploits are reported in the wild as of the publication date. The vulnerability does not require user interaction but does require privileged access to trigger the queue restart operation. The lack of a CVSS score indicates that the severity assessment must consider the impact on system availability and the conditions required for exploitation.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the Broadcom NetXtreme (bnxt) network driver, commonly found in servers, data centers, and network appliances. The impact is a potential denial of service through kernel panic, which can disrupt critical services, cause system downtime, and require manual intervention to recover. Organizations relying on Linux-based infrastructure for web hosting, cloud services, telecommunications, or industrial control systems may experience service interruptions. The vulnerability could affect high-availability environments and critical infrastructure, leading to operational disruptions and potential financial losses. Although no remote code execution or privilege escalation is indicated, the DoS impact on network interfaces can degrade network reliability and availability. European organizations with large-scale deployments of Broadcom network hardware integrated with Linux systems are particularly at risk. The vulnerability could also affect virtualized environments and cloud providers using affected Linux kernels, impacting multiple tenants or services. Given the strategic importance of telecommunications and cloud infrastructure in Europe, the vulnerability could have broader implications if exploited in targeted attacks or automated scanning campaigns.

Mitigation Recommendations

To mitigate CVE-2025-21974, European organizations should:

1) Apply the latest Linux kernel patches that include the fix for this vulnerability, ensuring the bnxt_queue_mem_alloc() function properly checks the interface state before accessing memory.
2) Identify and inventory all systems using Broadcom NetXtreme network adapters with the affected Linux kernel versions.
3) Implement strict change control and monitoring around network interface and driver operations to detect unusual queue restart activities, especially when interfaces are down.
4) Employ kernel crash dump analysis and monitoring tools to quickly detect and respond to kernel panics related to network drivers.
5) Where patching is not immediately feasible, consider disabling or isolating affected network interfaces or drivers temporarily to prevent triggering the vulnerability.
6) Coordinate with hardware vendors and Linux distribution maintainers to receive timely updates and advisories.
7) Incorporate this vulnerability into incident response and business continuity planning to minimize downtime impact.
8) For virtualized or cloud environments, ensure hypervisor and guest kernel versions are updated and monitor for related instability.

These targeted actions go beyond generic advice by focusing on the specific driver and operational conditions that trigger the vulnerability.
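For the crash-monitoring recommendation, one way to triage kernel logs for this specific crash signature is sketched below. This is an added example, not part of the advisory or of the kernel project; the function name triage_oops is hypothetical, and the sample log is constructed from the splat quoted in the description with dmesg-style timestamps added.

```python
import re

# Constructed sample: trimmed copy of the splat quoted in the description,
# with dmesg-style timestamps added for illustration.
SAMPLE_LOG = """\
[  812.101] BUG: unable to handle page fault for address: 000000000000b240
[  812.103] CPU: 3 UID: 0 PID: 1563 Comm: ncdevmem2 Not tainted 6.14.0-rc2+ #9
[  812.104] RIP: 0010:bnxt_queue_mem_alloc+0x3f/0x4e0 [bnxt_en]
[  812.105] Call Trace:
[  812.106]  <TASK>
[  812.107]  ? page_fault_oops+0x15a/0x460
[  812.108]  netdev_rx_queue_restart+0xc5/0x240
[  812.109]  net_devmem_bind_dmabuf_to_queue+0xf8/0x200
[  812.110]  netdev_nl_bind_rx_doit+0x3a7/0x450
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # optional dmesg timestamp prefix
FAULT = re.compile(r"BUG: unable to handle page fault for address: ([0-9a-f]+)")
RIP = re.compile(r"RIP: \w+:(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
COMM = re.compile(r"PID: (\d+) Comm: (\S+)")
FRAME = re.compile(r"^\s*(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")


def triage_oops(log_text):
    """Return one dict per page-fault oops, flagging the CVE-2025-21974 signature."""
    reports, cur, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = TS.sub("", raw)
        if m := FAULT.search(line):          # a new oops starts here
            cur = {"fault_addr": m.group(1), "rip": None, "module": None,
                   "comm": None, "pid": None, "frames": []}
            reports.append(cur)
            in_trace = False
        elif cur is None:
            continue
        elif m := COMM.search(line):         # process that triggered the fault
            cur["pid"], cur["comm"] = int(m.group(1)), m.group(2)
        elif cur["rip"] is None and (m := RIP.search(line)):
            cur["rip"], cur["module"] = m.group(1), m.group(2)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME.match(line)) and not m.group(1):
            cur["frames"].append(m.group(2))  # reliable frames only, skip "? " entries
    for r in reports:
        r["cve_2025_21974"] = (r["rip"] == "bnxt_queue_mem_alloc"
                               and r["module"] == "bnxt_en"
                               and "netdev_rx_queue_restart" in r["frames"])
    return reports
```

Input is expected in dmesg format, with or without the bracketed timestamps; the "comm" and "pid" fields identify the process that requested the queue restart.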


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.797Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9833c4522896dcbe8dd7

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 11:26:09 AM

Last updated: 8/16/2025, 2:51:01 PM
