CVE-2025-22106

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: unregister xdp rxq info in the reset path vmxnet3 does not unregister xdp rxq info in the vmxnet3_reset_work() code path as vmxnet3_rq_destroy() is not invoked in this code path. So, we get below message with a backtrace. Missing unregister, handled but fix driver WARNING: CPU:48 PID: 500 at net/core/xdp.c:182 __xdp_rxq_info_reg+0x93/0xf0 This patch fixes the problem by moving the unregister code of XDP from vmxnet3_rq_destroy() to vmxnet3_rq_cleanup().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0dd765fae295832934bf28e45dd5a355e0891ed4	Patch
https://git.kernel.org/stable/c/23da4e0bb2a38966d29db0ff90a8fe68fdfa1744	Patch
https://git.kernel.org/stable/c/9908541a9e235b7c5e2fbdd59910eaf9c32c3075	Patch
https://git.kernel.org/stable/c/a6157484bee3385a425d288a69e1eaf03232f5fc	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-04-16 15:16

Updated : 2025-11-03 18:42

NVD link : CVE-2025-22106

Mitre link : CVE-2025-22106

CVE.ORG link : CVE-2025-22106

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-22106", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-04-16T15:16:04.913", "references": [{"url": "https://git.kernel.org/stable/c/0dd765fae295832934bf28e45dd5a355e0891ed4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/23da4e0bb2a38966d29db0ff90a8fe68fdfa1744", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9908541a9e235b7c5e2fbdd59910eaf9c32c3075", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a6157484bee3385a425d288a69e1eaf03232f5fc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: unregister xdp rxq info in the reset path\n\nvmxnet3 does not unregister xdp rxq info in the\nvmxnet3_reset_work() code path as vmxnet3_rq_destroy()\nis not invoked in this code path. So, we get below message with a\nbacktrace.\n\nMissing unregister, handled but fix driver\nWARNING: CPU:48 PID: 500 at net/core/xdp.c:182\n__xdp_rxq_info_reg+0x93/0xf0\n\nThis patch fixes the problem by moving the unregister\ncode of XDP from vmxnet3_rq_destroy() to vmxnet3_rq_cleanup()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vmxnet3: anular el registro de la informaci\u00f3n de xdp rxq en la ruta de reinicio vmxnet3 no anula el registro de la informaci\u00f3n de xdp rxq en la ruta de c\u00f3digo vmxnet3_reset_work() ya que vmxnet3_rq_destroy() no se invoca en esta ruta de c\u00f3digo. Por lo tanto, obtenemos el siguiente mensaje con un backtrace. Falta anulaci\u00f3n del registro, gestionada pero corregida el controlador ADVERTENCIA: CPU:48 PID: 500 en net/core/xdp.c:182 __xdp_rxq_info_reg+0x93/0xf0 Este parche corrige el problema moviendo el c\u00f3digo de anulaci\u00f3n del registro de XDP de vmxnet3_rq_destroy() a vmxnet3_rq_cleanup()."}], "lastModified": "2025-11-03T18:42:40.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6014655E-7044-4F9B-B5E6-497BDF9C2DBF", "versionEndExcluding": "6.6.108", "versionStartIncluding": "6.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAA033E9-A2C5-4976-A83E-9804D8FB827F", "versionEndExcluding": "6.12.49", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "633A38C1-75C8-452D-8F1C-DA0269FD2687", "versionEndExcluding": "6.14.2", "versionStartIncluding": "6.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}