CVE-2025-21676

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21676
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21676.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21676
Downstream
Related
Published
2025-01-31T11:25:38Z
Modified
2025-10-17T21:14:49.775656Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
net: fec: handle page_pool_dev_alloc_pages error
Details

In the Linux kernel, the following vulnerability has been resolved:

net: fec: handle pagepooldevallocpages error

The fecenetupdatecbd function calls pagepooldevallocpages but did not handle the case when it returned NULL. There was a WARNON(!new_page) but it would still proceed to use the NULL pointer and then crash.

This case does seem somewhat rare but when the system is under memory pressure it can happen. One case where I can duplicate this with some frequency is when writing over a smbd share to a SATA HDD attached to an imx6q.

Setting /proc/sys/vm/minfreekbytes to higher values also seems to solve the problem for my test case. But it still seems wrong that the fec driver ignores the memory allocation error and can crash.

This commit handles the allocation error by dropping the current packet.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
95698ff6177b5f1f13f251da60e7348413046ae4
Fixed
8a0097db0544b658c159ac787319737712063a23
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
95698ff6177b5f1f13f251da60e7348413046ae4
Fixed
1425cb829556398f594658512d49292f988a2ab0
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
95698ff6177b5f1f13f251da60e7348413046ae4
Fixed
001ba0902046cb6c352494df610718c0763e77a5

Affected versions

v6.*

v6.0
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "length": 363.0,
            "function_hash": "7749777133475998964386739253744550040"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1425cb829556398f594658512d49292f988a2ab0",
        "target": {
            "function": "fec_enet_update_cbd",
            "file": "drivers/net/ethernet/freescale/fec_main.c"
        },
        "id": "CVE-2025-21676-0ceb169b",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "digest": {
            "length": 363.0,
            "function_hash": "7749777133475998964386739253744550040"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@001ba0902046cb6c352494df610718c0763e77a5",
        "target": {
            "function": "fec_enet_update_cbd",
            "file": "drivers/net/ethernet/freescale/fec_main.c"
        },
        "id": "CVE-2025-21676-55da6956",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "221188426531609981257057636268977209384",
                "209293702893879304035381975629192151526",
                "122475002864465838417379903742586104810",
                "162555831841535730966980273712570097233",
                "268561488041201943808867196010178237750",
                "131569075787751979760382706868867397118",
                "223105558445088846203890450538535935546",
                "250625841174791218127904343390094616562",
                "268612300056363513559659272472262297283",
                "73865715454030876277079393262315979238",
                "189473521850405178344791239575904247506",
                "19340920041844345660131146987334311654",
                "306151789122457189754159609101093529119",
                "122365196555427928163818094383536048453",
                "38412837797007295091142427716408072418",
                "290542957722556770549922031642926389522",
                "279979993719057048007904059631278121540",
                "37524803856579966983468490835911808570",
                "283110260814916595341088177033225471511",
                "246519915883716809289549058296045801222",
                "23978790907085694034887008969592051708",
                "93665948141353386519229540171621949593",
                "29799706601451400677312817156918208967",
                "208494121320447258271152312031805137867",
                "263150557029917890610122206970669748351",
                "12650842090908885168587044558956068366",
                "205137851507384761166805063084137809926",
                "298287765154795686857485143713237372225"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@001ba0902046cb6c352494df610718c0763e77a5",
        "target": {
            "file": "drivers/net/ethernet/freescale/fec_main.c"
        },
        "id": "CVE-2025-21676-6cb9749a",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "digest": {
            "length": 3956.0,
            "function_hash": "33309732353199135227354387880912580627"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1425cb829556398f594658512d49292f988a2ab0",
        "target": {
            "function": "fec_enet_rx_queue",
            "file": "drivers/net/ethernet/freescale/fec_main.c"
        },
        "id": "CVE-2025-21676-749ce6c3",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "digest": {
            "length": 3905.0,
            "function_hash": "45934397284333173109636241716937462588"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8a0097db0544b658c159ac787319737712063a23",
        "target": {
            "function": "fec_enet_rx_queue",
            "file": "drivers/net/ethernet/freescale/fec_main.c"
        },
        "id": "CVE-2025-21676-7da8c0e1",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "digest": {
            "length": 363.0,
            "function_hash": "7749777133475998964386739253744550040"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8a0097db0544b658c159ac787319737712063a23",
        "target": {
            "function": "fec_enet_update_cbd",
            "file": "drivers/net/ethernet/freescale/fec_main.c"
        },
        "id": "CVE-2025-21676-a8dabe90",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "221188426531609981257057636268977209384",
                "209293702893879304035381975629192151526",
                "122475002864465838417379903742586104810",
                "162555831841535730966980273712570097233",
                "268561488041201943808867196010178237750",
                "131569075787751979760382706868867397118",
                "223105558445088846203890450538535935546",
                "250625841174791218127904343390094616562",
                "268612300056363513559659272472262297283",
                "73865715454030876277079393262315979238",
                "189473521850405178344791239575904247506",
                "19340920041844345660131146987334311654",
                "306151789122457189754159609101093529119",
                "122365196555427928163818094383536048453",
                "38412837797007295091142427716408072418",
                "290542957722556770549922031642926389522",
                "279979993719057048007904059631278121540",
                "37524803856579966983468490835911808570",
                "283110260814916595341088177033225471511",
                "246519915883716809289549058296045801222",
                "23978790907085694034887008969592051708",
                "93665948141353386519229540171621949593",
                "29799706601451400677312817156918208967",
                "208494121320447258271152312031805137867",
                "263150557029917890610122206970669748351",
                "12650842090908885168587044558956068366",
                "205137851507384761166805063084137809926",
                "298287765154795686857485143713237372225"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8a0097db0544b658c159ac787319737712063a23",
        "target": {
            "file": "drivers/net/ethernet/freescale/fec_main.c"
        },
        "id": "CVE-2025-21676-b73156c5",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "digest": {
            "length": 3956.0,
            "function_hash": "33309732353199135227354387880912580627"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@001ba0902046cb6c352494df610718c0763e77a5",
        "target": {
            "function": "fec_enet_rx_queue",
            "file": "drivers/net/ethernet/freescale/fec_main.c"
        },
        "id": "CVE-2025-21676-f0ba18ce",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "221188426531609981257057636268977209384",
                "209293702893879304035381975629192151526",
                "122475002864465838417379903742586104810",
                "162555831841535730966980273712570097233",
                "268561488041201943808867196010178237750",
                "131569075787751979760382706868867397118",
                "223105558445088846203890450538535935546",
                "250625841174791218127904343390094616562",
                "268612300056363513559659272472262297283",
                "73865715454030876277079393262315979238",
                "189473521850405178344791239575904247506",
                "19340920041844345660131146987334311654",
                "306151789122457189754159609101093529119",
                "122365196555427928163818094383536048453",
                "38412837797007295091142427716408072418",
                "290542957722556770549922031642926389522",
                "279979993719057048007904059631278121540",
                "37524803856579966983468490835911808570",
                "283110260814916595341088177033225471511",
                "246519915883716809289549058296045801222",
                "23978790907085694034887008969592051708",
                "93665948141353386519229540171621949593",
                "29799706601451400677312817156918208967",
                "208494121320447258271152312031805137867",
                "263150557029917890610122206970669748351",
                "12650842090908885168587044558956068366",
                "205137851507384761166805063084137809926",
                "298287765154795686857485143713237372225"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1425cb829556398f594658512d49292f988a2ab0",
        "target": {
            "file": "drivers/net/ethernet/freescale/fec_main.c"
        },
        "id": "CVE-2025-21676-f9e479d2",
        "signature_version": "v1",
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.1.0
Fixed
6.6.74
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.11