CVE-2025-23155 in Linuxinfo

Zusammenfassung

von MITRE • 01.05.2025

In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: Fix accessing freed irq affinity_hint

In stmmac_request_irq_multi_msi(), a pointer to the stack variable cpu_mask is passed to irq_set_affinity_hint(). This value is stored in irq_desc->affinity_hint, but once stmmac_request_irq_multi_msi() returns, the pointer becomes dangling.

The affinity_hint is exposed via procfs with S_IRUGO permissions, allowing any unprivileged process to read it. Accessing this stale pointer can lead to:

- a kernel oops or panic if the referenced memory has been released and unmapped, or - leakage of kernel data into userspace if the memory is re-used for other purposes.

All platforms that use stmmac with PCI MSI (Intel, Loongson, etc) are affected.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Zuständig

Linux

Reservieren

11.01.2025

Veröffentlichung

01.05.2025

Moderieren

akzeptiert

Eintrag

VDB-306898

CPE

bereit

EPSS

0.00168

KEV

nein

Aktivitäten

very low

Quellen

Do you know our Splunk app?

Download it now for free!