{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21953","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.790Z","datePublished":"2025-04-01T15:46:54.712Z","dateUpdated":"2026-05-11T21:09:44.295Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:09:44.295Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: cleanup mana struct after debugfs_remove()\n\nWhen on a MANA VM hibernation is triggered, as part of hibernate_snapshot(),\nmana_gd_suspend() and mana_gd_resume() are called. If during this\nmana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs\npointer does not get reinitialized and ends up pointing to older,\ncleaned-up dentry.\nFurther in the hibernation path, as part of power_down(), mana_gd_shutdown()\nis triggered. This call, unaware of the failures in resume, tries to cleanup\nthe already cleaned up  mana_port_debugfs value and hits the following bug:\n\n[  191.359296] mana 7870:00:00.0: Shutdown was called\n[  191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[  191.360584] #PF: supervisor write access in kernel mode\n[  191.361125] #PF: error_code(0x0002) - not-present page\n[  191.361727] PGD 1080ea067 P4D 0\n[  191.362172] Oops: Oops: 0002 [#1] SMP NOPTI\n[  191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2\n[  191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[  191.364124] RIP: 0010:down_write+0x19/0x50\n[  191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 <f0> 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d\n[  191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246\n[  191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000\n[  191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098\n[  191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001\n[  191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000\n[  191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020\n[  191.369549] FS:  00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000\n[  191.370213] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0\n[  191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[  191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[  191.372906] Call Trace:\n[  191.373262]  <TASK>\n[  191.373621]  ? show_regs+0x64/0x70\n[  191.374040]  ? __die+0x24/0x70\n[  191.374468]  ? page_fault_oops+0x290/0x5b0\n[  191.374875]  ? do_user_addr_fault+0x448/0x800\n[  191.375357]  ? exc_page_fault+0x7a/0x160\n[  191.375971]  ? asm_exc_page_fault+0x27/0x30\n[  191.376416]  ? down_write+0x19/0x50\n[  191.376832]  ? down_write+0x12/0x50\n[  191.377232]  simple_recursive_removal+0x4a/0x2a0\n[  191.377679]  ? __pfx_remove_one+0x10/0x10\n[  191.378088]  debugfs_remove+0x44/0x70\n[  191.378530]  mana_detach+0x17c/0x4f0\n[  191.378950]  ? __flush_work+0x1e2/0x3b0\n[  191.379362]  ? __cond_resched+0x1a/0x50\n[  191.379787]  mana_remove+0xf2/0x1a0\n[  191.380193]  mana_gd_shutdown+0x3b/0x70\n[  191.380642]  pci_device_shutdown+0x3a/0x80\n[  191.381063]  device_shutdown+0x13e/0x230\n[  191.381480]  kernel_power_off+0x35/0x80\n[  191.381890]  hibernate+0x3c6/0x470\n[  191.382312]  state_store+0xcb/0xd0\n[  191.382734]  kobj_attr_store+0x12/0x30\n[  191.383211]  sysfs_kf_write+0x3e/0x50\n[  191.383640]  kernfs_fop_write_iter+0x140/0x1d0\n[  191.384106]  vfs_write+0x271/0x440\n[  191.384521]  ksys_write+0x72/0xf0\n[  191.384924]  __x64_sys_write+0x19/0x20\n[  191.385313]  x64_sys_call+0x2b0/0x20b0\n[  191.385736]  do_syscall_64+0x79/0x150\n[  191.386146]  ? __mod_memcg_lruvec_state+0xe7/0x240\n[  191.386676]  ? __lruvec_stat_mod_folio+0x79/0xb0\n[  191.387124]  ? __pfx_lru_add+0x10/0x10\n[  191.387515]  ? queued_spin_unlock+0x9/0x10\n[  191.387937]  ? do_anonymous_page+0x33c/0xa00\n[  191.388374]  ? __handle_mm_fault+0xcf3/0x1210\n[  191.388805]  ? __count_memcg_events+0xbe/0x180\n[  191.389235]  ? handle_mm_fault+0xae/0x300\n[  19\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/microsoft/mana/gdma_main.c","drivers/net/ethernet/microsoft/mana/mana_en.c"],"versions":[{"version":"6607c17c6c5e029da03a90085db22daf518232bf","lessThan":"a1466112fb6e819261272ad75e7db750a43b78bf","status":"affected","versionType":"git"},{"version":"6607c17c6c5e029da03a90085db22daf518232bf","lessThan":"3e64bb2ae7d9f2b3a8259d4d6b86ed1984d5460a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/microsoft/mana/gdma_main.c","drivers/net/ethernet/microsoft/mana/mana_en.c"],"versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","status":"unaffected","versionType":"semver"},{"version":"6.13.8","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.14"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a1466112fb6e819261272ad75e7db750a43b78bf"},{"url":"https://git.kernel.org/stable/c/3e64bb2ae7d9f2b3a8259d4d6b86ed1984d5460a"}],"title":"net: mana: cleanup mana struct after debugfs_remove()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-476","lang":"en","description":"CWE-476 NULL Pointer Dereference"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-10-01T17:16:37.291898Z","id":"CVE-2025-21953","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T17:16:39.481Z"}}]}}