CVE-2025-22075

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22075
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22075.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-22075
Downstream
Related
Published
2025-04-16T14:12:26.566Z
Modified
2025-11-28T02:34:53.677579Z
Summary
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
Details

In the Linux kernel, the following vulnerability has been resolved:

rtnetlink: Allocate vfinfo size for VF GUIDs when supported

Commit 30aad41721e0 ("net/core: Add support for getting VF GUIDs") added support for getting VF port and node GUIDs in netlink ifinfo messages, but their size was not taken into consideration in the function that allocates the netlink message, causing the following warning when a netlink message is filled with many VF port and node GUIDs: # echo 64 > /sys/bus/pci/devices/0000\:08\:00.0/sriov_numvfs # ip link show dev ib0 RTNETLINK answers: Message too long Cannot send link get request: Message too long

Kernel warning:

------------[ cut here ]------------ WARNING: CPU: 2 PID: 1930 at net/core/rtnetlink.c:4151 rtnlgetlink+0x586/0x5a0 Modules linked in: xtconntrack xtMASQUERADE nfnetlink xtaddrtype iptablenat nfnat brnetfilter overlay mlx5ib macsec mlx5core tls rpcrdma rdmaucm ibuverbs ibiser libiscsi scsitransportiscsi ibumad rdmacm iwcm ibipoib fuse ibcm ibcore CPU: 2 UID: 0 PID: 1930 Comm: ip Not tainted 6.14.0-rc2+ #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:rtnlgetlink+0x586/0x5a0 Code: cb 82 e8 3d af 0a 00 4d 85 ff 0f 84 08 ff ff ff 4c 89 ff 41 be ea ff ff ff e8 66 63 5b ff 49 c7 07 80 4f cb 82 e9 36 fc ff ff <0f> 0b e9 16 fe ff ff e8 de a0 56 00 66 66 2e 0f 1f 84 00 00 00 00 RSP: 0018:ffff888113557348 EFLAGS: 00010246 RAX: 00000000ffffffa6 RBX: ffff88817e87aa34 RCX: dffffc0000000000 RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88817e87afb8 RBP: 0000000000000009 R08: ffffffff821f44aa R09: 0000000000000000 R10: ffff8881260f79a8 R11: ffff88817e87af00 R12: ffff88817e87aa00 R13: ffffffff8563d300 R14: 00000000ffffffa6 R15: 00000000ffffffff FS: 00007f63a5dbf280(0000) GS:ffff88881ee00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f63a5ba4493 CR3: 00000001700fe002 CR4: 0000000000772eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? warn+0xa5/0x230 ? rtnlgetlink+0x586/0x5a0 ? reportbug+0x22d/0x240 ? handlebug+0x53/0xa0 ? excinvalidop+0x14/0x50 ? asmexcinvalidop+0x16/0x20 ? skbtrim+0x6a/0x80 ? rtnlgetlink+0x586/0x5a0 ? _pfxrtnlgetlink+0x10/0x10 ? rtnetlinkrcvmsg+0x1e5/0x860 ? _pfxmutexlock+0x10/0x10 ? rcuiswatching+0x34/0x60 ? pfxlockacquire+0x10/0x10 ? stacktracesave+0x90/0xd0 ? filterirqstacks+0x1d/0x70 ? kasansavestack+0x30/0x40 ? kasansavestack+0x20/0x40 ? kasansavetrack+0x10/0x30 rtnetlinkrcvmsg+0x21c/0x860 ? entrySYSCALL64afterhwframe+0x76/0x7e ? _pfxrtnetlinkrcvmsg+0x10/0x10 ? archstackwalk+0x9e/0xf0 ? rcuiswatching+0x34/0x60 ? lockacquire+0xd5/0x410 ? rcuiswatching+0x34/0x60 netlinkrcvskb+0xe0/0x210 ? _pfxrtnetlinkrcvmsg+0x10/0x10 ? _pfxnetlinkrcvskb+0x10/0x10 ? rcuiswatching+0x34/0x60 ? _pfxnetlinklookup+0x10/0x10 ? lockrelease+0x62/0x200 ? netlinkdelivertap+0xfd/0x290 ? rcuiswatching+0x34/0x60 ? lockrelease+0x62/0x200 ? netlinkdelivertap+0x95/0x290 netlinkunicast+0x31f/0x480 ? pfxnetlinkunicast+0x10/0x10 ? rcuiswatching+0x34/0x60 ? lockacquire+0xd5/0x410 netlinksendmsg+0x369/0x660 ? lockrelease+0x62/0x200 ? _pfxnetlinksendmsg+0x10/0x10 ? importubuf+0xb9/0xf0 ? _importiovec+0x254/0x2b0 ? lockrelease+0x62/0x200 ? _pfxnetlinksendmsg+0x10/0x10 _syssendmsg+0x559/0x5a0 ? pfxsyssendmsg+0x10/0x10 ? _pfxcopymsghdrfromuser+0x10/0x10 ? rcuiswatching+0x34/0x60 ? doreadfault+0x213/0x4a0 ? rcuiswatching+0x34/0x60 syssendmsg+0xe4/0x150 ? pfxsyssendmsg+0x10/0x10 ? dofault+0x2cc/0x6f0 ? handleptefault+0x2e3/0x3d0 ? _pfxhandleptefault+0x10/0x10 ---truncated---

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22075.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
30aad41721e087babcf27c5192474724d555936c
Fixed
0f5489707cf528f9df2f39a3045c1ee713ec90e7
Fixed
bb7bdf636cef74cdd7a7d548bdc7457ae161f617
Fixed
5fed5f6de3cf734b231a11775748a6871ee3020f
Fixed
15f150771e0ec97f8ab1657e7d2568e593c7fa04
Fixed
28b21ee8e8fb326ba961a4bbce04ec04c65e705a
Fixed
365c1ae819455561d4746aafabad673e4bcb0163
Fixed
5f39454468329bb7fc7fc4895a6ba6ae3b95027e
Fixed
23f00807619d15063d676218f36c5dfeda1eb420

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.236
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.180
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.134
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.87
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.23
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.11
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.2