CVE-2025-38490

In the Linux kernel, the following vulnerability has been resolved:

net: libwx: remove duplicate pagepoolputfullpage()

pagepoolputfullpage() should only be invoked when freeing Rx buffers or building a skb if the size is too short. At other times, the pages need to be reused. So remove the redundant page put. In the original code, double free pages cause kernel panic:

[ 876.949834] irqexitrcu+0xc7/0x130 [ 876.949836] commoninterrupt+0xb8/0xd0 [ 876.949838] </IRQ> [ 876.949838] <TASK> [ 876.949840] asmcommoninterrupt+0x22/0x40 [ 876.949841] RIP: 0010:cpuidleenterstate+0xc2/0x420 [ 876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d [ 876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246 [ 876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000 [ 876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e [ 876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed [ 876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580 [ 876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000 [ 876.949852] ? cpuidleenterstate+0xb3/0x420 [ 876.949855] cpuidleenter+0x29/0x40 [ 876.949857] cpuidleidlecall+0xfd/0x170 [ 876.949859] doidle+0x7a/0xc0 [ 876.949861] cpustartupentry+0x25/0x30 [ 876.949862] startsecondary+0x117/0x140 [ 876.949864] commonstartup64+0x13e/0x148 [ 876.949867] </TASK> [ 876.949868] ---[ end trace 0000000000000000 ]--- [ 876.949869] ------------[ cut here ]------------ [ 876.949870] listdel corruption, ffffead40445a348->next is NULL [ 876.949873] WARNING: CPU: 14 PID: 0 at lib/listdebug.c:52 _listdelentryvalidorreport+0x67/0x120 [ 876.949875] Modules linked in: sndhrtimer(E) bnep(E) binfmtmisc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amdatl(E) sndhdacodecrealtek(E) intelraplmsr(E) sndhdacodecgeneric(E) intelraplcommon(E) sndhdascodeccomponent(E) sndhdacodechdmi(E) sndhdaintel(E) edacmceamd(E) sndinteldspcfg(E) sndhdacodec(E) sndhdacore(E) amdxcp(E) kvmamd(E) sndhwdep(E) gpusched(E) drmpanelbacklightquirks(E) cec(E) sndpcm(E) drmbuddy(E) sndseqdummy(E) drmttmhelper(E) btusb(E) kvm(E) sndseqoss(E) btrtl(E) ttm(E) btintel(E) sndseqmidi(E) btbcm(E) drmexec(E) sndseqmidievent(E) i2calgobit(E) sndrawmidi(E) bluetooth(E) drmsuballochelper(E) irqbypass(E) sndseq(E) ghashclmulniintel(E) sha512ssse3(E) drmdisplayhelper(E) aesniintel(E) sndseqdevice(E) rfkill(E) sndtimer(E) gf128mul(E) drmclientlib(E) drmkmshelper(E) snd(E) i2cpiix4(E) joydev(E) soundcore(E) wmibmof(E) ccp(E) k10temp(E) i2csmbus(E) gpioamdpt(E) i2cdesignwareplatform(E) gpiogeneric(E) sg(E) [ 876.949914] i2cdesignwarecore(E) schfqcodel(E) parportpc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) iptables(E) ext4 crc16 mbcache jbd2 sdmod sfp mdioi2c i2ccore txgbe ahci ngbe pcsxpcs libahci libwx r8169 phylink libata realtek ptp ppscore video wmi [ 876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G W E 6.16.0-rc2+ #20 PREEMPT(voluntary) [ 876.949935] Tainted: [W]=WARN, [E]=UNSIGNEDMODULE [ 876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 [ 876.949936] RIP: 0010:listdelentryvalidorreport+0x67/0x120 [ 876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff <0f> 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8 [ 876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282 [ 876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000 [ 876.949942] RDX: 0000000000000105 RSI: 00000 ---truncated---