CVE-2025-22075: Vulnerability in the Linux kernel
Description
In the Linux kernel, the following vulnerability has been resolved:

rtnetlink: Allocate vfinfo size for VF GUIDs when supported

Commit 30aad41721e0 ("net/core: Add support for getting VF GUIDs") added support for getting VF port and node GUIDs in netlink ifinfo messages, but their size was not taken into consideration in the function that allocates the netlink message, causing the following warning when a netlink message is filled with many VF port and node GUIDs:

# echo 64 > /sys/bus/pci/devices/0000\:08\:00.0/sriov_numvfs
# ip link show dev ib0
RTNETLINK answers: Message too long
Cannot send link get request: Message too long

Kernel warning:

------------[ cut here ]------------
WARNING: CPU: 2 PID: 1930 at net/core/rtnetlink.c:4151 rtnl_getlink+0x586/0x5a0
Modules linked in: xt_conntrack xt_MASQUERADE nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter overlay mlx5_ib macsec mlx5_core tls rpcrdma rdma_ucm ib_uverbs ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm iw_cm ib_ipoib fuse ib_cm ib_core
CPU: 2 UID: 0 PID: 1930 Comm: ip Not tainted 6.14.0-rc2+ #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:rtnl_getlink+0x586/0x5a0
Code: cb 82 e8 3d af 0a 00 4d 85 ff 0f 84 08 ff ff ff 4c 89 ff 41 be ea ff ff ff e8 66 63 5b ff 49 c7 07 80 4f cb 82 e9 36 fc ff ff <0f> 0b e9 16 fe ff ff e8 de a0 56 00 66 66 2e 0f 1f 84 00 00 00 00
RSP: 0018:ffff888113557348 EFLAGS: 00010246
RAX: 00000000ffffffa6 RBX: ffff88817e87aa34 RCX: dffffc0000000000
RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88817e87afb8
RBP: 0000000000000009 R08: ffffffff821f44aa R09: 0000000000000000
R10: ffff8881260f79a8 R11: ffff88817e87af00 R12: ffff88817e87aa00
R13: ffffffff8563d300 R14: 00000000ffffffa6 R15: 00000000ffffffff
FS:  00007f63a5dbf280(0000) GS:ffff88881ee00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f63a5ba4493 CR3: 00000001700fe002 CR4: 0000000000772eb0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 <TASK>
 ? __warn+0xa5/0x230
 ? rtnl_getlink+0x586/0x5a0
 ? report_bug+0x22d/0x240
 ? handle_bug+0x53/0xa0
 ? exc_invalid_op+0x14/0x50
 ? asm_exc_invalid_op+0x16/0x20
 ? skb_trim+0x6a/0x80
 ? rtnl_getlink+0x586/0x5a0
 ? __pfx_rtnl_getlink+0x10/0x10
 ? rtnetlink_rcv_msg+0x1e5/0x860
 ? __pfx___mutex_lock+0x10/0x10
 ? rcu_is_watching+0x34/0x60
 ? __pfx_lock_acquire+0x10/0x10
 ? stack_trace_save+0x90/0xd0
 ? filter_irq_stacks+0x1d/0x70
 ? kasan_save_stack+0x30/0x40
 ? kasan_save_stack+0x20/0x40
 ? kasan_save_track+0x10/0x30
 rtnetlink_rcv_msg+0x21c/0x860
 ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
 ? __pfx_rtnetlink_rcv_msg+0x10/0x10
 ? arch_stack_walk+0x9e/0xf0
 ? rcu_is_watching+0x34/0x60
 ? lock_acquire+0xd5/0x410
 ? rcu_is_watching+0x34/0x60
 netlink_rcv_skb+0xe0/0x210
 ? __pfx_rtnetlink_rcv_msg+0x10/0x10
 ? __pfx_netlink_rcv_skb+0x10/0x10
 ? rcu_is_watching+0x34/0x60
 ? __pfx___netlink_lookup+0x10/0x10
 ? lock_release+0x62/0x200
 ? netlink_deliver_tap+0xfd/0x290
 ? rcu_is_watching+0x34/0x60
 ? lock_release+0x62/0x200
 ? netlink_deliver_tap+0x95/0x290
 netlink_unicast+0x31f/0x480
 ? __pfx_netlink_unicast+0x10/0x10
 ? rcu_is_watching+0x34/0x60
 ? lock_acquire+0xd5/0x410
 netlink_sendmsg+0x369/0x660
 ? lock_release+0x62/0x200
 ? __pfx_netlink_sendmsg+0x10/0x10
 ? import_ubuf+0xb9/0xf0
 ? __import_iovec+0x254/0x2b0
 ? lock_release+0x62/0x200
 ? __pfx_netlink_sendmsg+0x10/0x10
 ____sys_sendmsg+0x559/0x5a0
 ? __pfx_____sys_sendmsg+0x10/0x10
 ? __pfx_copy_msghdr_from_user+0x10/0x10
 ? rcu_is_watching+0x34/0x60
 ? do_read_fault+0x213/0x4a0
 ? rcu_is_watching+0x34/0x60
 ___sys_sendmsg+0xe4/0x150
 ? __pfx____sys_sendmsg+0x10/0x10
 ? do_fault+0x2cc/0x6f0
 ? handle_pte_fault+0x2e3/0x3d0
 ? __pfx_handle_pte_fault+0x10/0x10
---truncated---
AI Analysis
Technical Summary
CVE-2025-22075 is a size-accounting bug in the Linux kernel's rtnetlink subsystem, in the path that answers a per-device RTM_GETLINK request for a network device with SR-IOV virtual functions (VFs). Commit 30aad41721e0 ("net/core: Add support for getting VF GUIDs") made the message-filling code emit two additional attributes per VF, the VF node GUID and port GUID (IFLA_VF_IB_NODE_GUID and IFLA_VF_IB_PORT_GUID), whenever the driver implements ndo_get_vf_guid. The function that computes the reply size before the buffer is allocated (rtnl_vfinfo_size(), used by if_nlmsg_size()) was not updated to reserve room for them. rtnl_getlink() allocates the reply skb at the computed size and then fills it; once the per-VF shortfall multiplied by the VF count exceeds whatever slack the allocation happened to contain, the fill fails with -EMSGSIZE, rtnl_getlink() trips its WARN_ON on that return value at net/core/rtnetlink.c:4151, and the request is rejected. The register dump in the trace above shows this directly: RAX holds 0xffffffa6, which is -90, i.e. -EMSGSIZE. The user-space symptom is "RTNETLINK answers: Message too long" from ip(8); the kernel-side symptom is the warning and stack trace, captured on a 6.14.0-rc2 system with mlx5 InfiniBand VFs after 64 VFs were enabled through sriov_numvfs.

Two points matter when assessing exposure. First, the oversized message is one the kernel builds itself; no malformed input from user space is involved, so the trigger is simply a per-device link query against a device that has enough VFs. RTM_GETLINK requires no capability, so any local process that can open a NETLINK_ROUTE socket can provoke the warning, although enabling the VFs in the first place requires root. Second, the consequence is a failed query plus a kernel warning, not memory corruption: the attribute-writing helpers check the remaining tailroom and back out rather than overrunning the buffer. The effect is a denial of service against network management (every per-device GETLINK on the affected interface fails) and kernel-log noise, escalating to a panic only on hosts that run with kernel.panic_on_warn=1. No exploitation in the wild has been reported, and this is not a code-execution or privilege-escalation flaw.

Affected are kernels that carry commit 30aad41721e0 but not the fix "rtnetlink: Allocate vfinfo size for VF GUIDs when supported", on devices whose driver reports VF GUIDs (the trace shows mlx5_core/mlx5_ib with ib_ipoib). Hosts without SR-IOV VFs, or with drivers that do not implement VF GUID reporting, never reach the affected size calculation.
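The size mismatch described above, as an added illustration that is neither kernel code nor the upstream fix: a self-contained C model that keeps the netlink attribute arithmetic (NLA_ALIGN, nla_total_size) and the uapi struct layouts, but reduces the per-VF attribute set to a nest header, a MAC attribute and a VLAN attribute. BASE_SLACK is an assumed constant standing in for headroom left by link attributes that are reserved but not emitted; the real kernel reserves many more per-VF attributes than modelled here, so the absolute threshold differs, but the mechanism is the same. The model shows the 40-byte per-VF shortfall introduced by the missing GUID accounting, the VF count at which that shortfall exhausts the assumed slack, and that the 64-VF query which fails with the unfixed sizing fits once the two GUID attributes are reserved.

```c
/* Added model of the CVE-2025-22075 size-accounting bug. Not kernel code:
 * the per-VF attribute set is reduced and BASE_SLACK is an assumed constant. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct nlattr { uint16_t nla_len; uint16_t nla_type; };

#define NLA_ALIGNTO     4
#define NLA_ALIGN(len)  (((len) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))
#define NLA_HDRLEN      NLA_ALIGN(sizeof(struct nlattr))
#define EMSGSIZE        90

/* Layouts from include/uapi/linux/if_link.h (sizes as on x86_64). */
struct ifla_vf_mac  { uint32_t vf; uint8_t  mac[32]; };            /* 36 bytes */
struct ifla_vf_vlan { uint32_t vf; uint32_t vlan; uint32_t qos; };  /* 12 bytes */
struct ifla_vf_guid { uint32_t vf; uint64_t guid; };               /* 16 bytes */

/* Same arithmetic as the kernel's nla_total_size(): header + payload, aligned. */
static size_t nla_total_size(size_t payload)
{
    return NLA_ALIGN(NLA_HDRLEN + payload);
}

/* Per-VF bytes the pre-fix size function reserved (modelled subset only). */
static size_t vf_reserved_size(void)
{
    return nla_total_size(0)                              /* IFLA_VF_INFO nest */
         + nla_total_size(sizeof(struct ifla_vf_mac))     /* IFLA_VF_MAC */
         + nla_total_size(sizeof(struct ifla_vf_vlan));   /* IFLA_VF_VLAN */
}

/* The two attributes commit 30aad41721e0 started emitting per VF:
 * IFLA_VF_IB_NODE_GUID and IFLA_VF_IB_PORT_GUID. This is the deficit. */
static size_t vf_guid_size(void)
{
    return 2 * nla_total_size(sizeof(struct ifla_vf_guid));
}

/* Assumed: bytes reserved for link attributes that end up not being filled. */
#define BASE_SLACK 256

/* Model of if_nlmsg_size(): the size rtnl_getlink() allocates the reply at. */
static size_t model_if_nlmsg_size(unsigned num_vfs, int driver_has_guid, int fixed)
{
    size_t size = BASE_SLACK + num_vfs * vf_reserved_size();
    if (fixed && driver_has_guid)          /* what the fix adds */
        size += num_vfs * vf_guid_size();
    return size;
}

/* Model of rtnl_fill_ifinfo(): bytes the fill actually writes. */
static size_t model_fill_size(unsigned num_vfs, int driver_has_guid)
{
    size_t need = num_vfs * vf_reserved_size();
    if (driver_has_guid)                   /* GUIDs are emitted regardless of the fix */
        need += num_vfs * vf_guid_size();
    return need;
}

/* Model of rtnl_getlink(): 0 on success, -EMSGSIZE when the fill does not fit
 * the allocation. The kernel WARN_ONs on exactly this return value. */
static int model_rtnl_getlink(unsigned num_vfs, int driver_has_guid, int fixed)
{
    size_t alloc = model_if_nlmsg_size(num_vfs, driver_has_guid, fixed);
    size_t need  = model_fill_size(num_vfs, driver_has_guid);

    if (need > alloc) {
        fprintf(stderr, "WARNING: fill needs %zu bytes, allocated %zu (num_vfs=%u)\n",
                need, alloc, num_vfs);
        return -EMSGSIZE;
    }
    return 0;
}

/* Smallest VF count at which the unfixed sizing fails for a GUID-capable
 * driver, i.e. where num_vfs * vf_guid_size() outgrows BASE_SLACK. */
static unsigned first_failing_vf_count(void)
{
    unsigned n;
    for (n = 1; n <= 256; n++)
        if (model_rtnl_getlink(n, 1, 0) == -EMSGSIZE)
            return n;
    return 0;
}

int main(void)
{
    printf("per-VF shortfall without the fix: %zu bytes\n", vf_guid_size());
    printf("unfixed sizing first fails at %u VFs (with BASE_SLACK=%d)\n",
           first_failing_vf_count(), BASE_SLACK);
    printf("64 VFs, GUID-capable driver, unfixed: %d\n", model_rtnl_getlink(64, 1, 0));
    printf("64 VFs, GUID-capable driver, fixed:   %d\n", model_rtnl_getlink(64, 1, 1));
    printf("64 VFs, driver without VF GUIDs:      %d\n", model_rtnl_getlink(64, 0, 0));
    return 0;
}
```

The model makes the two halves of the bug explicit: the fill side (model_fill_size) always emits the GUIDs when the driver supports them, while the sizing side (model_if_nlmsg_size) only reserves for them once "fixed" is set. With the assumed slack the unfixed sizing starts failing at 7 VFs; on a real system the threshold is higher because the kernel over-reserves elsewhere, which is why the upstream report needed "many" VFs before the warning appeared.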
Potential Impact
For European organizations, the exposure is concentrated in environments that run Linux hosts with SR-IOV virtual functions on adapters whose drivers report VF GUIDs, which in practice means InfiniBand and RDMA-capable NICs (the reference trace uses mlx5) in data centres, cloud platforms and HPC clusters. On such hosts the effect is that per-device link queries against the affected interface fail, which breaks the tooling that inspects or reconfigures VFs (ip(8) and any orchestration that issues RTM_GETLINK through libnl or similar), and the kernel logs a warning on each attempt. Confidentiality and integrity are not affected: the fill code detects the shortfall and returns an error rather than overrunning the buffer. Availability impact is normally limited to management operations on that interface and to log noise, but on hosts with kernel.panic_on_warn enabled the same warning becomes a panic and reboot, and because the query needs no privilege any local user can then take the host down. Remediation is a kernel update, which on production SR-IOV hosts requires a maintenance window and validation. No exploitation in the wild is reported; the bug is just as likely to be hit accidentally during routine administration as deliberately, and should be fixed proactively either way.
Mitigation Recommendations
To mitigate CVE-2025-22075, European organizations should:
1) Update to a kernel that carries the fix "rtnetlink: Allocate vfinfo size for VF GUIDs when supported". The fix is already merged upstream, so check the distribution's advisory or kernel changelog for the backport rather than waiting for a new release; it makes the size calculation reserve the two GUID attributes per VF whenever the driver supports them.
2) Until patched, keep the VF count on affected devices below the point where `ip link show dev <ifname>` starts failing with "Message too long". The threshold depends on the driver and on how much slack the unfixed size calculation happens to leave, so verify empirically after every change to sriov_numvfs.
3) Monitor kernel logs for "WARNING: ... at net/core/rtnetlink.c:... rtnl_getlink" and for ip(8) failures reporting "RTNETLINK answers: Message too long". The warning can fire on every failing query, so a repeating warning attributed to an unprivileged process is worth investigating.
4) Check kernel.panic_on_warn (sysctl). Where it is set to 1, this bug turns an unprivileged per-device link query into a panic and reboot; decide deliberately whether that setting is appropriate on SR-IOV hosts until the fix is applied.
5) Restrict who can configure VFs (writing sriov_numvfs requires root) and limit untrusted local access to hosts with many VFs. Note that the RTM_GETLINK request itself needs no privilege, so access controls on the ip command alone do not stop a local user from triggering the warning.
6) Test kernel updates in staging environments that mirror production, especially setups involving SR-IOV and InfiniBand, and include `ip link show dev <ifname>` against a fully populated VF configuration in the validation.
7) Do not expect NIC driver or firmware updates to address this; the bug is in core rtnetlink code, and the kernel fix is what resolves it. Document the behaviour for network administrators so that a "Message too long" failure on a VF-heavy interface is recognised rather than misdiagnosed as a hardware problem.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland, Belgium, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.815Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9831c4522896dcbe7ff4
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 7/3/2025, 8:56:45 PM
Last updated: 8/22/2025, 5:15:47 AM