CVE-2025-22061: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue() Fix the following kernel warning deleting HTB offloaded leafs and/or root HTB qdisc in airoha_eth driver properly reporting qid in airoha_tc_get_htb_get_leaf_queue routine. $tc qdisc replace dev eth1 root handle 10: htb offload $tc class add dev eth1 arent 10: classid 10:4 htb rate 100mbit ceil 100mbit $tc qdisc replace dev eth1 parent 10:4 handle 4: ets bands 8 \ quanta 1514 3028 4542 6056 7570 9084 10598 12112 $tc qdisc del dev eth1 root [ 55.827864] ------------[ cut here ]------------ [ 55.832493] WARNING: CPU: 3 PID: 2678 at 0xffffffc0798695a4 [ 55.956510] CPU: 3 PID: 2678 Comm: tc Tainted: G O 6.6.71 #0 [ 55.963557] Hardware name: Airoha AN7581 Evaluation Board (DT) [ 55.969383] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 55.976344] pc : 0xffffffc0798695a4 [ 55.979851] lr : 0xffffffc079869a20 [ 55.983358] sp : ffffffc0850536a0 [ 55.986665] x29: ffffffc0850536a0 x28: 0000000000000024 x27: 0000000000000001 [ 55.993800] x26: 0000000000000000 x25: ffffff8008b19000 x24: ffffff800222e800 [ 56.000935] x23: 0000000000000001 x22: 0000000000000000 x21: ffffff8008b19000 [ 56.008071] x20: ffffff8002225800 x19: ffffff800379d000 x18: 0000000000000000 [ 56.015206] x17: ffffffbf9ea59000 x16: ffffffc080018000 x15: 0000000000000000 [ 56.022342] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000001 [ 56.029478] x11: ffffffc081471008 x10: ffffffc081575a98 x9 : 0000000000000000 [ 56.036614] x8 : ffffffc08167fd40 x7 : ffffffc08069e104 x6 : ffffff8007f86000 [ 56.043748] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000001 [ 56.050884] x2 : 0000000000000000 x1 : 0000000000000250 x0 : ffffff800222c000 [ 56.058020] Call trace: [ 56.060459] 0xffffffc0798695a4 [ 56.063618] 0xffffffc079869a20 [ 56.066777] __qdisc_destroy+0x40/0xa0 [ 56.070528] qdisc_put+0x54/0x6c [ 56.073748] qdisc_graft+0x41c/0x648 [ 56.077324] tc_get_qdisc+0x168/0x2f8 [ 56.080978] rtnetlink_rcv_msg+0x230/0x330 [ 56.085076] netlink_rcv_skb+0x5c/0x128 [ 56.088913] rtnetlink_rcv+0x14/0x1c [ 56.092490] netlink_unicast+0x1e0/0x2c8 [ 56.096413] netlink_sendmsg+0x198/0x3c8 [ 56.100337] ____sys_sendmsg+0x1c4/0x274 [ 56.104261] ___sys_sendmsg+0x7c/0xc0 [ 56.107924] __sys_sendmsg+0x44/0x98 [ 56.111492] __arm64_sys_sendmsg+0x20/0x28 [ 56.115580] invoke_syscall.constprop.0+0x58/0xfc [ 56.120285] do_el0_svc+0x3c/0xbc [ 56.123592] el0_svc+0x18/0x4c [ 56.126647] el0t_64_sync_handler+0x118/0x124 [ 56.131005] el0t_64_sync+0x150/0x154 [ 56.134660] ---[ end trace 0000000000000000 ]---
AI Analysis
Technical Summary
CVE-2025-22061 is a vulnerability identified in the Linux kernel specifically related to the 'airoha' Ethernet driver, which handles HTB (Hierarchical Token Bucket) offloading for traffic control. The issue arises in the function 'airoha_tc_get_htb_get_leaf_queue', which improperly reports the queue ID (qid) when deleting HTB offloaded leaf or root qdiscs (queueing disciplines). This improper handling leads to kernel warnings and potentially unstable behavior, as evidenced by the kernel stack trace and warning messages included in the report. The vulnerability manifests when commands manipulating HTB offload qdiscs are executed, such as adding or deleting qdiscs and classes via the 'tc' (traffic control) utility. The kernel warning and trace indicate a use-after-free or invalid pointer dereference scenario during qdisc destruction and grafting operations, which could lead to kernel crashes (denial of service) or unpredictable kernel behavior. The vulnerability affects Linux kernel version 6.6.71 and possibly other versions containing the affected commit (ef1ca9271313b4ea7b03de69576aacef1e78f381). No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and low-level, involving network traffic control subsystems and driver-specific code for Airoha Ethernet hardware, which is used in certain embedded or specialized devices. The fix involves correcting the qid reporting logic to prevent kernel warnings and ensure proper qdisc deletion without corrupting kernel state.
Potential Impact
For European organizations, the primary impact of CVE-2025-22061 is the potential for denial of service (DoS) on Linux systems running the affected kernel versions with Airoha Ethernet hardware and utilizing HTB offloading for traffic control. This could disrupt network traffic management, leading to degraded network performance or outages in critical infrastructure, data centers, or enterprise networks. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, kernel crashes can cause system instability and downtime, impacting availability. Organizations relying on embedded Linux devices or specialized network equipment using the Airoha driver are at higher risk. The vulnerability could affect network appliances, IoT gateways, or telecom equipment deployed in European enterprises or service providers. Given the lack of known exploits, the immediate risk is moderate, but the potential for targeted attacks exploiting this flaw in critical network infrastructure cannot be discounted. The impact on confidentiality and integrity is low, but availability impact is medium to high depending on the deployment context.
Mitigation Recommendations
European organizations should take the following specific mitigation steps: 1) Identify Linux systems running kernel versions 6.6.71 or other versions containing the vulnerable commit and verify if the Airoha Ethernet driver is in use, especially in network appliances or embedded devices. 2) Apply kernel updates or patches from the Linux vendor or distribution maintainers that address this vulnerability as soon as they become available. 3) If immediate patching is not possible, disable HTB offloading on affected interfaces as a temporary workaround to prevent triggering the vulnerable code path. 4) Monitor system logs for kernel warnings related to qdisc operations and investigate any anomalies promptly. 5) Limit administrative access to systems performing traffic control operations to reduce the risk of exploitation via crafted 'tc' commands. 6) Engage with hardware vendors to confirm if firmware or driver updates are required for devices using Airoha Ethernet components. 7) Incorporate this vulnerability into vulnerability management and incident response plans to ensure timely detection and remediation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy
CVE-2025-22061: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue() Fix the following kernel warning deleting HTB offloaded leafs and/or root HTB qdisc in airoha_eth driver properly reporting qid in airoha_tc_get_htb_get_leaf_queue routine. $tc qdisc replace dev eth1 root handle 10: htb offload $tc class add dev eth1 arent 10: classid 10:4 htb rate 100mbit ceil 100mbit $tc qdisc replace dev eth1 parent 10:4 handle 4: ets bands 8 \ quanta 1514 3028 4542 6056 7570 9084 10598 12112 $tc qdisc del dev eth1 root [ 55.827864] ------------[ cut here ]------------ [ 55.832493] WARNING: CPU: 3 PID: 2678 at 0xffffffc0798695a4 [ 55.956510] CPU: 3 PID: 2678 Comm: tc Tainted: G O 6.6.71 #0 [ 55.963557] Hardware name: Airoha AN7581 Evaluation Board (DT) [ 55.969383] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 55.976344] pc : 0xffffffc0798695a4 [ 55.979851] lr : 0xffffffc079869a20 [ 55.983358] sp : ffffffc0850536a0 [ 55.986665] x29: ffffffc0850536a0 x28: 0000000000000024 x27: 0000000000000001 [ 55.993800] x26: 0000000000000000 x25: ffffff8008b19000 x24: ffffff800222e800 [ 56.000935] x23: 0000000000000001 x22: 0000000000000000 x21: ffffff8008b19000 [ 56.008071] x20: ffffff8002225800 x19: ffffff800379d000 x18: 0000000000000000 [ 56.015206] x17: ffffffbf9ea59000 x16: ffffffc080018000 x15: 0000000000000000 [ 56.022342] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000001 [ 56.029478] x11: ffffffc081471008 x10: ffffffc081575a98 x9 : 0000000000000000 [ 56.036614] x8 : ffffffc08167fd40 x7 : ffffffc08069e104 x6 : ffffff8007f86000 [ 56.043748] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000001 [ 56.050884] x2 : 0000000000000000 x1 : 0000000000000250 x0 : ffffff800222c000 [ 56.058020] Call trace: [ 56.060459] 0xffffffc0798695a4 [ 56.063618] 0xffffffc079869a20 [ 56.066777] __qdisc_destroy+0x40/0xa0 [ 56.070528] qdisc_put+0x54/0x6c [ 56.073748] qdisc_graft+0x41c/0x648 [ 56.077324] tc_get_qdisc+0x168/0x2f8 [ 56.080978] rtnetlink_rcv_msg+0x230/0x330 [ 56.085076] netlink_rcv_skb+0x5c/0x128 [ 56.088913] rtnetlink_rcv+0x14/0x1c [ 56.092490] netlink_unicast+0x1e0/0x2c8 [ 56.096413] netlink_sendmsg+0x198/0x3c8 [ 56.100337] ____sys_sendmsg+0x1c4/0x274 [ 56.104261] ___sys_sendmsg+0x7c/0xc0 [ 56.107924] __sys_sendmsg+0x44/0x98 [ 56.111492] __arm64_sys_sendmsg+0x20/0x28 [ 56.115580] invoke_syscall.constprop.0+0x58/0xfc [ 56.120285] do_el0_svc+0x3c/0xbc [ 56.123592] el0_svc+0x18/0x4c [ 56.126647] el0t_64_sync_handler+0x118/0x124 [ 56.131005] el0t_64_sync+0x150/0x154 [ 56.134660] ---[ end trace 0000000000000000 ]---
AI-Powered Analysis
Technical Analysis
CVE-2025-22061 is a vulnerability identified in the Linux kernel specifically related to the 'airoha' Ethernet driver, which handles HTB (Hierarchical Token Bucket) offloading for traffic control. The issue arises in the function 'airoha_tc_get_htb_get_leaf_queue', which improperly reports the queue ID (qid) when deleting HTB offloaded leaf or root qdiscs (queueing disciplines). This improper handling leads to kernel warnings and potentially unstable behavior, as evidenced by the kernel stack trace and warning messages included in the report. The vulnerability manifests when commands manipulating HTB offload qdiscs are executed, such as adding or deleting qdiscs and classes via the 'tc' (traffic control) utility. The kernel warning and trace indicate a use-after-free or invalid pointer dereference scenario during qdisc destruction and grafting operations, which could lead to kernel crashes (denial of service) or unpredictable kernel behavior. The vulnerability affects Linux kernel version 6.6.71 and possibly other versions containing the affected commit (ef1ca9271313b4ea7b03de69576aacef1e78f381). No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and low-level, involving network traffic control subsystems and driver-specific code for Airoha Ethernet hardware, which is used in certain embedded or specialized devices. The fix involves correcting the qid reporting logic to prevent kernel warnings and ensure proper qdisc deletion without corrupting kernel state.
Potential Impact
For European organizations, the primary impact of CVE-2025-22061 is the potential for denial of service (DoS) on Linux systems running the affected kernel versions with Airoha Ethernet hardware and utilizing HTB offloading for traffic control. This could disrupt network traffic management, leading to degraded network performance or outages in critical infrastructure, data centers, or enterprise networks. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, kernel crashes can cause system instability and downtime, impacting availability. Organizations relying on embedded Linux devices or specialized network equipment using the Airoha driver are at higher risk. The vulnerability could affect network appliances, IoT gateways, or telecom equipment deployed in European enterprises or service providers. Given the lack of known exploits, the immediate risk is moderate, but the potential for targeted attacks exploiting this flaw in critical network infrastructure cannot be discounted. The impact on confidentiality and integrity is low, but availability impact is medium to high depending on the deployment context.
Mitigation Recommendations
European organizations should take the following specific mitigation steps: 1) Identify Linux systems running kernel versions 6.6.71 or other versions containing the vulnerable commit and verify if the Airoha Ethernet driver is in use, especially in network appliances or embedded devices. 2) Apply kernel updates or patches from the Linux vendor or distribution maintainers that address this vulnerability as soon as they become available. 3) If immediate patching is not possible, disable HTB offloading on affected interfaces as a temporary workaround to prevent triggering the vulnerable code path. 4) Monitor system logs for kernel warnings related to qdisc operations and investigate any anomalies promptly. 5) Limit administrative access to systems performing traffic control operations to reduce the risk of exploitation via crafted 'tc' commands. 6) Engage with hardware vendors to confirm if firmware or driver updates are required for devices using Airoha Ethernet components. 7) Incorporate this vulnerability into vulnerability management and incident response plans to ensure timely detection and remediation.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-12-29T08:45:45.812Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9831c4522896dcbe7fa4
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 7/3/2025, 8:42:05 PM
Last updated: 7/31/2025, 4:00:36 PM
Views: 12
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.