CVE-2025-21973 — NULL Pointer Dereference in Linux
Severity
7.1HIGHNVD
OSV5.9
EPSS
0.1%
top 84.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 1
Latest updateJul 8
Description
In the Linux kernel, the following vulnerability has been resolved:
eth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx}
When qstats-get operation is executed, callbacks of netdev_stats_ops
are called. The bnxt_get_queue_stats{rx | tx} collect per-queue stats
from sw_stats in the rings.
But {rx | tx | cp}_ring are allocated when the interface is up.
So, these rings are not allocated when the interface is down.
The qstats-get is allowed even if the interface is down. However,
the b…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2
Affected Packages4 packages
▶CVEListV5linux/linuxaf7b3b4adda592cb49e202f3617454d5dda4c5b5 — f059a0fd733078c3832fd0f3a3037aa5975d3d36+3
Patches
🔴Vulnerability Details
6OSV▶
linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime vulnerabilities↗2025-06-30
OSV▶
CVE-2025-21973: In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx} When qstats-get o↗2025-04-01