CVE-2025-23155

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-23155
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23155.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-23155
Downstream
Related
Published
2025-05-01T12:55:41.607Z
Modified
2026-03-11T07:44:44.056880100Z
Summary
net: stmmac: Fix accessing freed irq affinity_hint
Details

In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: Fix accessing freed irq affinity_hint

In stmmacrequestirqmultimsi(), a pointer to the stack variable cpumask is passed to irqsetaffinityhint(). This value is stored in irqdesc->affinityhint, but once stmmacrequestirqmultimsi() returns, the pointer becomes dangling.

The affinityhint is exposed via procfs with SIRUGO permissions, allowing any unprivileged process to read it. Accessing this stale pointer can lead to:

  • a kernel oops or panic if the referenced memory has been released and unmapped, or
  • leakage of kernel data into userspace if the memory is re-used for other purposes.

All platforms that use stmmac with PCI MSI (Intel, Loongson, etc) are affected.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23155.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8deec94c6040bb4a767f6e9456a0a44c7f2e713e
Fixed
2fbf67ddb8a0d0efc00d2df496a9843ec318d48b
Fixed
960dab23f6d405740c537d095f90a4ee9ddd9285
Fixed
442312c2a90d60c7a5197246583fa91d9e579985
Fixed
e148266e104fce396ad624079a6812ac3a9982ef
Fixed
9e51a6a44e2c4de780a26e8fe110d708e806a8cd
Fixed
c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23155.json"