CVE-2025-21649

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix kernel crash when 1588 is sent on HIP08 devices

Currently, HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL. But the tx process would still try to set hardware time stamp info with SKBTXHWTSTAMP flag and cause a kernel crash.

[ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 ... [ 128.280251] pc : hclgeptpsettxinfo+0x2c/0x140 [hclge] [ 128.286600] lr : hclgeptpsettxinfo+0x20/0x140 [hclge] [ 128.292938] sp : ffff800059b93140 [ 128.297200] x29: ffff800059b93140 x28: 0000000000003280 [ 128.303455] x27: ffff800020d48280 x26: ffff0cb9dc814080 [ 128.309715] x25: ffff0cb9cde93fa0 x24: 0000000000000001 [ 128.315969] x23: 0000000000000000 x22: 0000000000000194 [ 128.322219] x21: ffff0cd94f986000 x20: 0000000000000000 [ 128.328462] x19: ffff0cb9d2a166c0 x18: 0000000000000000 [ 128.334698] x17: 0000000000000000 x16: ffffcf1fc523ed24 [ 128.340934] x15: 0000ffffd530a518 x14: 0000000000000000 [ 128.347162] x13: ffff0cd6bdb31310 x12: 0000000000000368 [ 128.353388] x11: ffff0cb9cfbc7070 x10: ffff2cf55dd11e02 [ 128.359606] x9 : ffffcf1f85a212b4 x8 : ffff0cd7cf27dab0 [ 128.365831] x7 : 0000000000000a20 x6 : ffff0cd7cf27d000 [ 128.372040] x5 : 0000000000000000 x4 : 000000000000ffff [ 128.378243] x3 : 0000000000000400 x2 : ffffcf1f85a21294 [ 128.384437] x1 : ffff0cb9db520080 x0 : ffff0cb9db500080 [ 128.390626] Call trace: [ 128.393964] hclgeptpsettxinfo+0x2c/0x140 [hclge] [ 128.399893] hns3nicnetxmit+0x39c/0x4c4 [hns3] [ 128.405468] xmitone.constprop.0+0xc4/0x200 [ 128.410600] devhardstartxmit+0x54/0xf0 [ 128.415556] schdirectxmit+0xe8/0x634 [ 128.420246] _devqueuexmit+0x224/0xc70 [ 128.425101] devqueuexmit+0x1c/0x40 [ 128.429608] ovsvportsend+0xac/0x1a0 [openvswitch] [ 128.435409] dooutput+0x60/0x17c [openvswitch] [ 128.440770] doexecuteactions+0x898/0x8c4 [openvswitch] [ 128.446993] ovsexecuteactions+0x64/0xf0 [openvswitch] [ 128.453129] ovsdpprocesspacket+0xa0/0x224 [openvswitch] [ 128.459530] ovsvportreceive+0x7c/0xfc [openvswitch] [ 128.465497] internaldevxmit+0x34/0xb0 [openvswitch] [ 128.471460] xmitone.constprop.0+0xc4/0x200 [ 128.476561] devhardstartxmit+0x54/0xf0 [ 128.481489] _devqueuexmit+0x968/0xc70 [ 128.486330] devqueuexmit+0x1c/0x40 [ 128.490856] ipfinishoutput2+0x250/0x570 [ 128.495810] _ipfinishoutput+0x170/0x1e0 [ 128.500832] ipfinishoutput+0x3c/0xf0 [ 128.505504] ipoutput+0xbc/0x160 [ 128.509654] ipsendskb+0x58/0xd4 [ 128.513892] udpsendskb+0x12c/0x354 [ 128.518387] udpsendmsg+0x7a8/0x9c0 [ 128.522793] inetsendmsg+0x4c/0x8c [ 128.527116] _socksendmsg+0x48/0x80 [ 128.531609] _syssendto+0x124/0x164 [ 128.536099] _arm64syssendto+0x30/0x5c [ 128.540935] invokesyscall+0x50/0x130 [ 128.545508] el0svccommon.constprop.0+0x10c/0x124 [ 128.551205] doel0svc+0x34/0xdc [ 128.555347] el0svc+0x20/0x30 [ 128.559227] el0synchandler+0xb8/0xc0 [ 128.563883] el0_sync+0x160/0x180