{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-21649","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.728Z","datePublished":"2025-01-19T10:18:06.911Z","dateUpdated":"2025-10-01T19:57:17.106Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:18:13.502Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when 1588 is sent on HIP08 devices\n\nCurrently, HIP08 devices does not register the ptp devices, so the\nhdev->ptp is NULL. But the tx process would still try to set hardware time\nstamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash.\n\n[  128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n...\n[  128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge]\n[  128.286600] lr : hclge_ptp_set_tx_info+0x20/0x140 [hclge]\n[  128.292938] sp : ffff800059b93140\n[  128.297200] x29: ffff800059b93140 x28: 0000000000003280\n[  128.303455] x27: ffff800020d48280 x26: ffff0cb9dc814080\n[  128.309715] x25: ffff0cb9cde93fa0 x24: 0000000000000001\n[  128.315969] x23: 0000000000000000 x22: 0000000000000194\n[  128.322219] x21: ffff0cd94f986000 x20: 0000000000000000\n[  128.328462] x19: ffff0cb9d2a166c0 x18: 0000000000000000\n[  128.334698] x17: 0000000000000000 x16: ffffcf1fc523ed24\n[  128.340934] x15: 0000ffffd530a518 x14: 0000000000000000\n[  128.347162] x13: ffff0cd6bdb31310 x12: 0000000000000368\n[  128.353388] x11: ffff0cb9cfbc7070 x10: ffff2cf55dd11e02\n[  128.359606] x9 : ffffcf1f85a212b4 x8 : ffff0cd7cf27dab0\n[  128.365831] x7 : 0000000000000a20 x6 : ffff0cd7cf27d000\n[  128.372040] x5 : 0000000000000000 x4 : 000000000000ffff\n[  128.378243] x3 : 0000000000000400 x2 : ffffcf1f85a21294\n[  128.384437] x1 : ffff0cb9db520080 x0 : ffff0cb9db500080\n[  128.390626] Call trace:\n[  128.393964]  hclge_ptp_set_tx_info+0x2c/0x140 [hclge]\n[  128.399893]  hns3_nic_net_xmit+0x39c/0x4c4 [hns3]\n[  128.405468]  xmit_one.constprop.0+0xc4/0x200\n[  128.410600]  dev_hard_start_xmit+0x54/0xf0\n[  128.415556]  sch_direct_xmit+0xe8/0x634\n[  128.420246]  __dev_queue_xmit+0x224/0xc70\n[  128.425101]  dev_queue_xmit+0x1c/0x40\n[  128.429608]  ovs_vport_send+0xac/0x1a0 [openvswitch]\n[  128.435409]  do_output+0x60/0x17c [openvswitch]\n[  128.440770]  do_execute_actions+0x898/0x8c4 [openvswitch]\n[  128.446993]  ovs_execute_actions+0x64/0xf0 [openvswitch]\n[  128.453129]  ovs_dp_process_packet+0xa0/0x224 [openvswitch]\n[  128.459530]  ovs_vport_receive+0x7c/0xfc [openvswitch]\n[  128.465497]  internal_dev_xmit+0x34/0xb0 [openvswitch]\n[  128.471460]  xmit_one.constprop.0+0xc4/0x200\n[  128.476561]  dev_hard_start_xmit+0x54/0xf0\n[  128.481489]  __dev_queue_xmit+0x968/0xc70\n[  128.486330]  dev_queue_xmit+0x1c/0x40\n[  128.490856]  ip_finish_output2+0x250/0x570\n[  128.495810]  __ip_finish_output+0x170/0x1e0\n[  128.500832]  ip_finish_output+0x3c/0xf0\n[  128.505504]  ip_output+0xbc/0x160\n[  128.509654]  ip_send_skb+0x58/0xd4\n[  128.513892]  udp_send_skb+0x12c/0x354\n[  128.518387]  udp_sendmsg+0x7a8/0x9c0\n[  128.522793]  inet_sendmsg+0x4c/0x8c\n[  128.527116]  __sock_sendmsg+0x48/0x80\n[  128.531609]  __sys_sendto+0x124/0x164\n[  128.536099]  __arm64_sys_sendto+0x30/0x5c\n[  128.540935]  invoke_syscall+0x50/0x130\n[  128.545508]  el0_svc_common.constprop.0+0x10c/0x124\n[  128.551205]  do_el0_svc+0x34/0xdc\n[  128.555347]  el0_svc+0x20/0x30\n[  128.559227]  el0_sync_handler+0xb8/0xc0\n[  128.563883]  el0_sync+0x160/0x180"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c"],"versions":[{"version":"0bf5eb788512187b744ef7f79de835e6cbe85b9c","lessThan":"f19ab3ef96d9626e5f1bdc56d3574c355e83d623","status":"affected","versionType":"git"},{"version":"0bf5eb788512187b744ef7f79de835e6cbe85b9c","lessThan":"9741e72b2286de8b38de9db685588ac421a95c87","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c"],"versions":[{"version":"5.14","status":"affected"},{"version":"0","lessThan":"5.14","status":"unaffected","versionType":"semver"},{"version":"6.12.10","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.12.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/f19ab3ef96d9626e5f1bdc56d3574c355e83d623"},{"url":"https://git.kernel.org/stable/c/9741e72b2286de8b38de9db685588ac421a95c87"}],"title":"net: hns3: fix kernel crash when 1588 is sent on HIP08 devices","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2025-21649","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-10-01T19:53:53.106260Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T19:57:17.106Z"}}]}}