CVE-2025-21651: net: hns3: don't auto enable misc vector
First published: Sun Jan 19 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net: hns3: don't auto enable misc vector Currently, there is a time window between misc irq enabled and service task inited. If an interrupte is reported at this time, it will cause warning like below: [ 16.324639] Call trace: [ 16.324641] __queue_delayed_work+0xb8/0xe0 [ 16.324643] mod_delayed_work_on+0x78/0xd0 [ 16.324655] hclge_errhand_task_schedule+0x58/0x90 [hclge] [ 16.324662] hclge_misc_irq_handle+0x168/0x240 [hclge] [ 16.324666] __handle_irq_event_percpu+0x64/0x1e0 [ 16.324667] handle_irq_event+0x80/0x170 [ 16.324670] handle_fasteoi_edge_irq+0x110/0x2bc [ 16.324671] __handle_domain_irq+0x84/0xfc [ 16.324673] gic_handle_irq+0x88/0x2c0 [ 16.324674] el1_irq+0xb8/0x140 [ 16.324677] arch_cpu_idle+0x18/0x40 [ 16.324679] default_idle_call+0x5c/0x1bc [ 16.324682] cpuidle_idle_call+0x18c/0x1c4 [ 16.324684] do_idle+0x174/0x17c [ 16.324685] cpu_startup_entry+0x30/0x6c [ 16.324687] secondary_start_kernel+0x1a4/0x280 [ 16.324688] ---[ end trace 6aa0bff672a964aa ]--- So don't auto enable misc vector when request irq..
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| debian/linux | <=5.10.223-1<=5.10.234-1<=6.1.129-1<=6.1.128-1 | 6.12.20-1 6.12.21-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/98b1e3b27734139c76295754b6c317aa4df6d32e
- https://git.kernel.org/stable/c/bcf430d3bb5525fc89a92a0c451c725ba1aa4306
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21651
- https://nvd.nist.gov/vuln/detail/CVE-2025-21651
- https://launchpad.net/bugs/cve/CVE-2025-21651
- https://security-tracker.debian.org/tracker/CVE-2025-21651
- https://ubuntu.com/security/CVE-2025-21651
- https://git.kernel.org/linus/98b1e3b27734139c76295754b6c317aa4df6d32e
Frequently Asked Questions
What is the severity of CVE-2025-21651?
CVE-2025-21651 has been classified as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2025-21651?
To fix CVE-2025-21651, ensure you update your Linux kernel to the latest version where the vulnerability has been patched.
What components are affected by CVE-2025-21651?
CVE-2025-21651 affects the hns3 network driver within the Linux kernel.
What kind of issues does CVE-2025-21651 cause?
CVE-2025-21651 can lead to warning messages during the initialization of the service task if interrupts occur during a specific time window.
Are there any workarounds for CVE-2025-21651?
Currently, there are no documented workarounds for CVE-2025-21651, hence upgrading is recommended.
- collector/nvd-api
- source/NVD
- agent/type
- agent/first-publish-date
- agent/title
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- package-manager/debian