CVE-2025-22106

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22106
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22106.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-22106
Downstream
Related
Published
2025-04-16T14:12:54Z
Modified
2025-10-17T23:46:12.794847Z
Summary
vmxnet3: unregister xdp rxq info in the reset path
Details

In the Linux kernel, the following vulnerability has been resolved:

vmxnet3: unregister xdp rxq info in the reset path

vmxnet3 does not unregister xdp rxq info in the vmxnet3resetwork() code path as vmxnet3rqdestroy() is not invoked in this code path. So, we get below message with a backtrace.

Missing unregister, handled but fix driver WARNING: CPU:48 PID: 500 at net/core/xdp.c:182 _xdprxqinforeg+0x93/0xf0

This patch fixes the problem by moving the unregister code of XDP from vmxnet3rqdestroy() to vmxnet3rqcleanup().

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
54f00cce11786742bd11e5e68c3bf85e6dc048c9
Fixed
a6157484bee3385a425d288a69e1eaf03232f5fc
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
54f00cce11786742bd11e5e68c3bf85e6dc048c9
Fixed
23da4e0bb2a38966d29db0ff90a8fe68fdfa1744
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
54f00cce11786742bd11e5e68c3bf85e6dc048c9
Fixed
9908541a9e235b7c5e2fbdd59910eaf9c32c3075
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
54f00cce11786742bd11e5e68c3bf85e6dc048c9
Fixed
0dd765fae295832934bf28e45dd5a355e0891ed4

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.45
v6.12.46
v6.12.47
v6.12.48
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.100
v6.6.101
v6.6.102
v6.6.103
v6.6.104
v6.6.105
v6.6.106
v6.6.107
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.9
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.6.95
v6.6.96
v6.6.97
v6.6.98
v6.6.99
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0dd765fae295832934bf28e45dd5a355e0891ed4",
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "75814281314127853395780269508260074570",
                "156526167872463386416189239444885523671",
                "132526779503912523402762682263082004844",
                "266102810120894674541042296117270419905",
                "204890972847605405945613561834944495220",
                "295489979667498229483579812341138812510",
                "308593484488643397904674185357690894155",
                "322160767425473274190037707169657511428",
                "158959563731543787198502913030882224606",
                "159419845854234623999679080727521695761",
                "224450311999684564069697630099046737744"
            ]
        },
        "id": "CVE-2025-22106-1ac1913d"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a6157484bee3385a425d288a69e1eaf03232f5fc",
        "signature_version": "v1",
        "target": {
            "function": "vmxnet3_rq_cleanup",
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "function_hash": "9156242930975858296083977828456429090",
            "length": 1223.0
        },
        "id": "CVE-2025-22106-2e4e8b9d"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0dd765fae295832934bf28e45dd5a355e0891ed4",
        "signature_version": "v1",
        "target": {
            "function": "vmxnet3_rq_destroy",
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "function_hash": "200584497556392914769196187027401879126",
            "length": 1479.0
        },
        "id": "CVE-2025-22106-3a97e4e2"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9908541a9e235b7c5e2fbdd59910eaf9c32c3075",
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "75814281314127853395780269508260074570",
                "156526167872463386416189239444885523671",
                "132526779503912523402762682263082004844",
                "266102810120894674541042296117270419905",
                "204890972847605405945613561834944495220",
                "295489979667498229483579812341138812510",
                "308593484488643397904674185357690894155",
                "322160767425473274190037707169657511428",
                "158959563731543787198502913030882224606",
                "159419845854234623999679080727521695761",
                "224450311999684564069697630099046737744"
            ]
        },
        "id": "CVE-2025-22106-47712c32"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9908541a9e235b7c5e2fbdd59910eaf9c32c3075",
        "signature_version": "v1",
        "target": {
            "function": "vmxnet3_rq_destroy",
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "function_hash": "200584497556392914769196187027401879126",
            "length": 1479.0
        },
        "id": "CVE-2025-22106-9bba3a1c"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0dd765fae295832934bf28e45dd5a355e0891ed4",
        "signature_version": "v1",
        "target": {
            "function": "vmxnet3_rq_cleanup",
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "function_hash": "9156242930975858296083977828456429090",
            "length": 1223.0
        },
        "id": "CVE-2025-22106-bd5b10d6"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23da4e0bb2a38966d29db0ff90a8fe68fdfa1744",
        "signature_version": "v1",
        "target": {
            "function": "vmxnet3_rq_destroy",
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "function_hash": "200584497556392914769196187027401879126",
            "length": 1479.0
        },
        "id": "CVE-2025-22106-d2daf324"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23da4e0bb2a38966d29db0ff90a8fe68fdfa1744",
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "75814281314127853395780269508260074570",
                "156526167872463386416189239444885523671",
                "132526779503912523402762682263082004844",
                "266102810120894674541042296117270419905",
                "204890972847605405945613561834944495220",
                "295489979667498229483579812341138812510",
                "308593484488643397904674185357690894155",
                "322160767425473274190037707169657511428",
                "158959563731543787198502913030882224606",
                "159419845854234623999679080727521695761",
                "224450311999684564069697630099046737744"
            ]
        },
        "id": "CVE-2025-22106-d3972260"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a6157484bee3385a425d288a69e1eaf03232f5fc",
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "75814281314127853395780269508260074570",
                "156526167872463386416189239444885523671",
                "132526779503912523402762682263082004844",
                "266102810120894674541042296117270419905",
                "204890972847605405945613561834944495220",
                "295489979667498229483579812341138812510",
                "308593484488643397904674185357690894155",
                "322160767425473274190037707169657511428",
                "158959563731543787198502913030882224606",
                "159419845854234623999679080727521695761",
                "224450311999684564069697630099046737744"
            ]
        },
        "id": "CVE-2025-22106-dca5bc44"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23da4e0bb2a38966d29db0ff90a8fe68fdfa1744",
        "signature_version": "v1",
        "target": {
            "function": "vmxnet3_rq_cleanup",
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "function_hash": "9156242930975858296083977828456429090",
            "length": 1223.0
        },
        "id": "CVE-2025-22106-e1ac8caf"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9908541a9e235b7c5e2fbdd59910eaf9c32c3075",
        "signature_version": "v1",
        "target": {
            "function": "vmxnet3_rq_cleanup",
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "function_hash": "9156242930975858296083977828456429090",
            "length": 1223.0
        },
        "id": "CVE-2025-22106-e338b05b"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a6157484bee3385a425d288a69e1eaf03232f5fc",
        "signature_version": "v1",
        "target": {
            "function": "vmxnet3_rq_destroy",
            "file": "drivers/net/vmxnet3/vmxnet3_drv.c"
        },
        "digest": {
            "function_hash": "72588725888917910171024589254042748171",
            "length": 1260.0
        },
        "id": "CVE-2025-22106-e98832b0"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.108
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.49
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.2