CVE-2025-23155

MEDIUM EPSS 5.7%
Published May 1, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 1, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix accessing freed irq affinity_hint In stmmac_request_irq_multi_msi(), a pointer to the stack variable cpu_mask is passed to irq_set_affinity_hint(). This value is stored in irq_desc->affinity_hint, but once stmmac_request_irq_multi_msi() returns, the pointer becomes dangling. The affinity_hint is exposed via procfs with S_IRUGO permissions, allowing any unprivileged process to read it. Accessing this stale pointer can lead to: - a kernel oops or panic if the referenced memory has been released and unmapped, or - leakage of kernel data into userspace if the memory is re-used for other purposes. All platforms that use stmmac with PCI MSI (Intel, Loongson, etc) are affected.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥5.13  –  <6.12.36
linuxlinux_kernel*≥6.13  –  <6.13.12
linuxlinux_kernel*≥6.14  –  <6.14.3

References 6

  • git.kernel.org https://git.kernel.org/stable/c/2fbf67ddb8a0d0efc00d2df496a9843ec318d48b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/442312c2a90d60c7a5197246583fa91d9e579985
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/960dab23f6d405740c537d095f90a4ee9ddd9285
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9e51a6a44e2c4de780a26e8fe110d708e806a8cd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e148266e104fce396ad624079a6812ac3a9982ef
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2fbf67ddb8a0d0efc00d2df496a9843ec318d48b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/442312c2a90d60c7a5197246583fa91d9e579985
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/960dab23f6d405740c537d095f90a4ee9ddd9285
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9e51a6a44e2c4de780a26e8fe110d708e806a8cd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e148266e104fce396ad624079a6812ac3a9982ef
    Patch