SB2025022878 - Input validation error in Linux kernel hisilicon hns3 driver
Published: February 28, 2025 Updated: May 11, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2025-21802)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hclgevf_init() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c, within the module_init() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c, within the EXPORT_SYMBOL() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/82736bb83fb0221319c85c2e9917d0189cd84e1e
- https://git.kernel.org/stable/c/92e5995773774a3e70257e9c95ea03518268bea5
- https://git.kernel.org/stable/c/b5a8bc47aa0a4aa8bca5466dfa2d12dbb5b3cd0c
- https://git.kernel.org/stable/c/cafe9a27e22736d4a01b3933e36225f9857c7988
- https://git.kernel.org/stable/c/e876522659012ef2e73834a0b9f1cbe3f74d5fad
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.129