CVE-2025-21802

net: hns3: fix oops when unload drivers paralleling

Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix oops when unload drivers paralleling When unload hclge driver, it tries to disable sriov first for each ae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at the time, because it removes all the ae_dev nodes, and it may cause oops. But we can't simply use hnae3_common_lock for this. Because in the process flow of pci_disable_sriov(), it will trigger the remove flow of VF, which will also take hnae3_common_lock. To fixes it, introduce a new mutex to protect the unload process.

N/A
CVSS
Severity:
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/622d92a67656e5c4d2d6ccac02d688ed995418c6
https://git.kernel.org/stable/c/8c640dd3d900cc8988a39c007591f1deee776df4
https://git.kernel.org/stable/c/e876522659012ef2e73834a0b9f1cbe3f74d5fad
https://git.kernel.org/stable/c/b5a8bc47aa0a4aa8bca5466dfa2d12dbb5b3cd0c
https://git.kernel.org/stable/c/82736bb83fb0221319c85c2e9917d0189cd84e1e
https://git.kernel.org/stable/c/cafe9a27e22736d4a01b3933e36225f9857c7988
https://git.kernel.org/stable/c/92e5995773774a3e70257e9c95ea03518268bea5

Frequently Asked Questions

What is the severity of CVE-2025-21802?
CVE-2025-21802 has not yet been assigned a CVSS score.
How to fix CVE-2025-21802?
To fix CVE-2025-21802, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21802 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21802 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21802?
CVE-2025-21802 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.