CVE-2025-21974 — Improper Cleanup on Thrown Exception in Linux
Severity
5.5 MEDIUM (NVD)
OSV 5.9
EPSS
0.0%
top 84.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Apr 1
Latest update Jul 8
Description
In the Linux kernel, the following vulnerability has been resolved:
eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc()
The bnxt_queue_mem_alloc() is called to allocate new queue memory when
a queue is restarted.
It internally accesses rx buffer descriptor corresponding to the index.
The rx buffer descriptor is allocated and set when the interface is up
and it's freed when the interface is down.
So, if a queue is restarted while the interface is down, a kernel panic occurs.
Splat looks…
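A simplified user-space model of the condition described above, added here as an illustration; it is not the bnxt driver code or the upstream patch. The struct layout, the `model_*` names and the choice of `-ENETDOWN` as the failure code are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an rx buffer descriptor. */
struct rx_desc { unsigned int prod; };

/* Hypothetical device model: rx_ring exists only while the interface is up. */
struct model_nic {
    struct rx_desc *rx_ring;
    size_t nr_rings;
};

/* Interface up: descriptors are allocated and set. */
int model_open(struct model_nic *nic, size_t nr_rings)
{
    nic->rx_ring = calloc(nr_rings, sizeof(*nic->rx_ring));
    if (!nic->rx_ring)
        return -ENOMEM;
    nic->nr_rings = nr_rings;
    return 0;
}

/* Interface down: descriptors are freed and the pointer is cleared. */
void model_close(struct model_nic *nic)
{
    free(nic->rx_ring);
    nic->rx_ring = NULL;
    nic->nr_rings = 0;
}

/* Queue restart path: fail instead of reading a descriptor that is gone. */
int model_queue_mem_alloc(struct model_nic *nic, size_t idx, struct rx_desc *out)
{
    if (!nic->rx_ring)          /* interface is down (assumed error code) */
        return -ENETDOWN;
    if (idx >= nic->nr_rings)   /* index outside the allocated ring array */
        return -EINVAL;
    *out = nic->rx_ring[idx];   /* safe: descriptor exists while up */
    return 0;
}

int main(void)
{
    struct model_nic nic = {0};
    struct rx_desc d;
    printf("restart while down: %d\n", model_queue_mem_alloc(&nic, 0, &d));
    return 0;
}
```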
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 4 packages
CVEListV5 linux/linux 2d694c27d32efc9467a8a20e4ad641ab5adfd07d — 14eb5f0d6554653f4b159835c2f77b2a9bd7e9be +3
Patches
Vulnerability Details
6 OSV
linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime vulnerabilities (2025-06-30)
GHSA
GHSA-c863-9ggg-4m2g: In the Linux kernel, the following vulnerability has been resolved:
eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc()
The bnxt_q (2025-04-01)