CVE-2025-21800
Published: 27 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset

When bit offset for HWS_SET32 macro is negative, UBSAN complains about the shift-out-of-bounds:

  UBSAN: shift-out-of-bounds in drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c:177:2
  shift exponent -8 is negative
Security Summary
CVE-2025-21800 is a vulnerability in the Linux kernel's net/mlx5 driver, specifically in the HWS definer component. The issue arises when the HWS_SET32 macro receives a negative bit offset, triggering a shift-out-of-bounds condition detected by UBSAN. The report points to drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c at line 177, where the shift exponent is negative (-8 in the UBSAN output). Shifting by a negative count is undefined behavior in C.
A local attacker with low privileges can exploit this vulnerability with low complexity and without user interaction. The impact on confidentiality, integrity, and availability is rated high, giving a CVSS score of 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The unchanged scope indicates potential for severe local effects, such as kernel crashes or code execution within the mlx5 HWS context.
Mitigation involves applying the kernel patches from the provided stable commits:
- https://git.kernel.org/stable/c/69c676c0ded472713e6d1b3a456b3c4f52f66f0e
- https://git.kernel.org/stable/c/92cff996624c4757d5bbace3dfa3f1567ba94143
- https://git.kernel.org/stable/c/be482f1d10da781db9445d2753c1e3f1fd82babf
These fixes resolve the negative offset handling in the HWS_SET32 macro.
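The class of bug described in the summary, a 32-bit field setter handed a negative bit offset, can be shown with a checked setter. This is an added example, not the kernel's HWS_SET32 macro or its patch. The names set_field32, put_bits and c_remainder are hypothetical, and the meaning given to a negative offset (the field spills into the next dword) is an assumption of the example.

```c
#include <stddef.h>
#include <stdint.h>

#define BITS_IN_DW 32

/* Write (v & mask) into *dw at bit position off; caller guarantees 0 <= off < 32. */
static void put_bits(uint32_t *dw, uint32_t v, unsigned off, uint32_t mask)
{
    *dw = (*dw & ~(mask << off)) | ((v & mask) << off);
}

/*
 * Hypothetical checked setter (host byte order, not the driver's macro).
 * Assumption of this example: a negative bit_off means the low -bit_off
 * bits of the field spill into the top of the next dword.
 * Returns 0 on success, -1 if the request would need an invalid shift
 * or touch memory past the buffer.
 */
int set_field32(uint32_t *buf, size_t ndw, size_t idx,
                uint32_t v, int bit_off, uint32_t mask)
{
    if (idx >= ndw || bit_off <= -BITS_IN_DW || bit_off >= BITS_IN_DW)
        return -1;
    if (bit_off >= 0) {
        put_bits(&buf[idx], v, (unsigned)bit_off, mask);
        return 0;
    }
    if (idx + 1 >= ndw)
        return -1;

    unsigned spill = (unsigned)(-bit_off);            /* 1..31 */
    uint32_t low_mask = mask & ((1u << spill) - 1u);  /* bits for next dword */

    /* bit_off % 32 is still negative in C (the remainder keeps the
     * dividend's sign), so the second shift is computed as 32 - spill. */
    put_bits(&buf[idx], v >> spill, 0, mask >> spill);
    put_bits(&buf[idx + 1], v, BITS_IN_DW - spill, low_mask);
    return 0;
}

/* The remainder as C computes it, exposed to show the pitfall. */
int c_remainder(int bit_off) { return bit_off % BITS_IN_DW; }
```

Building such code with -fsanitize=shift during testing reports any remaining out-of-range shift exponent at runtime, in the same way the kernel's UBSAN did here.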
Details
- CWE(s)