CVE-2025-23155
Published: May 1, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix accessing freed irq affinity_hint In stmmac_request_irq_multi_msi(), a pointer to the stack variable cpu_mask is passed to irq_set_affinity_hint(). This value is stored in irq_desc->affinity_hint, but once stmmac_request_irq_multi_msi() returns, the pointer becomes dangling. The affinity_hint is exposed via procfs with S_IRUGO permissions, allowing any unprivileged process to read it. Accessing this stale pointer can lead to: - a kernel oops or panic if the referenced memory has been released and unmapped, or - leakage of kernel data into userspace if the memory is re-used for other purposes. All platforms that use stmmac with PCI MSI (Intel, Loongson, etc) are affected.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 8deec94c6040bb4a767f6e9456a0a44c7f2e713e - < 2fbf67ddb8a0d0efc00d2df496a9843ec318d48baffected 8deec94c6040bb4a767f6e9456a0a44c7f2e713e - < 960dab23f6d405740c537d095f90a4ee9ddd9285affected 8deec94c6040bb4a767f6e9456a0a44c7f2e713e - < 442312c2a90d60c7a5197246583fa91d9e579985affected 8deec94c6040bb4a767f6e9456a0a44c7f2e713e - < e148266e104fce396ad624079a6812ac3a9982efaffected 8deec94c6040bb4a767f6e9456a0a44c7f2e713e - < 9e51a6a44e2c4de780a26e8fe110d708e806a8cd+1 more versions |
Linux | Linux | affected 5.13unaffected 0 - < 5.13unaffected 6.1.164 - <= 6.1.*unaffected 6.6.117 - <= 6.6.*unaffected 6.12.36 - <= 6.12.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now