A recently found vulnerability in the Linux kernel's "net: hns3" subsystem has been resolved with a patch. This post covers the details of the vulnerability, CVE-2025-21651, along with the code snippet of the patch and links to the original references.
Background
The "net: hns3" subsystem provides the drivers for HNS3 (Huawei Network Subsystem) Ethernet adapters. The vulnerability was found in the code that auto-enables the misc vector, which exposes the kernel to potential unexpected behavior and can produce warning messages such as the following:
[ 16.324639] Call trace
[ 16.324641] __queue_delayed_work+xb8/xe
[ 16.324643] mod_delayed_work_on+x78/xd
[ 16.324655] hclge_errhand_task_schedule+x58/x90 [hclge]
[ 16.324662] hclge_misc_irq_handle+x168/x240 [hclge]
[ 16.324666] __handle_irq_event_percpu+x64/x1e
[ 16.324667] handle_irq_event+x80/x170
[ 16.324670] handle_fasteoi_edge_irq+x110/x2bc
[ 16.324671] __handle_domain_irq+x84/xfc
[ 16.324673] gic_handle_irq+x88/x2c
[ 16.324674] el1_irq+xb8/x140
[ 16.324677] arch_cpu_idle+x18/x40
[ 16.324679] default_idle_call+x5c/x1bc
[ 16.324682] cpuidle_idle_call+x18c/x1c4
[ 16.324684] do_idle+x174/x17c
[ 16.324685] cpu_startup_entry+x30/x6c
[ 16.324687] secondary_start_kernel+x1a4/x280
[ 16.324688] ---[ end trace 6aabff672a964aa ]---
The cause of the problem was a time window between enabling the misc IRQ (Interrupt Request) and initializing the service task. If an interrupt occurs during that window, the warning shown above is printed.
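A triage check for the warning above, as an added example that is not part of the original post or the kernel patch: it splits a dmesg capture into call traces and flags those where hclge_misc_irq_handle reaches __queue_delayed_work through hclge_errhand_task_schedule. The sample log is constructed (placeholder offsets; example_poll and [example] are made-up names), and the helper names are this example's own.

```python
import re

# Innermost-first frames that identify this warning (names from the trace above).
SIGNATURE = ("__queue_delayed_work", "hclge_errhand_task_schedule", "hclge_misc_irq_handle")

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s*(.*)$")                  # "[ ts] body"
FRAME = re.compile(r"^([A-Za-z_][\w.]*)\+\S+(?:\s+\[(\w+)\])?$")  # "func+off/size [mod]"

def split_traces(log_text):
    """Return one dict per 'Call trace' block: start time and (func, module) frames."""
    traces, current = [], None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        body = line.group(2).strip()
        if body.lower().startswith("call trace"):
            current = {"ts": float(line.group(1)), "frames": []}
            traces.append(current)
        elif current is not None:
            frame = FRAME.match(body)
            if frame:
                current["frames"].append(frame.groups())
            else:
                current = None  # "---[ end trace" or any non-frame line ends the block
    return traces

def find_misc_irq_warnings(log_text):
    """Traces whose frames contain SIGNATURE as an ordered (not necessarily adjacent) run."""
    hits = []
    for trace in split_traces(log_text):
        funcs = iter(func for func, _ in trace["frames"])
        if all(name in funcs for name in SIGNATURE):  # 'in' consumes the iterator in order
            hits.append(trace)
    return hits

# Constructed sample log: offsets are placeholders, example_poll/[example] is made up.
SAMPLE = """\
[   12.000001] Call trace:
[   12.000002]  __queue_delayed_work+0x10/0x20
[   12.000003]  example_poll+0x10/0x20 [example]
[   12.000004] ---[ end trace 0000000000000000 ]---
[   16.324639] Call trace:
[   16.324641]  __queue_delayed_work+0x10/0x20
[   16.324643]  mod_delayed_work_on+0x10/0x20
[   16.324655]  hclge_errhand_task_schedule+0x10/0x20 [hclge]
[   16.324662]  hclge_misc_irq_handle+0x10/0x20 [hclge]
[   16.324667] ---[ end trace 0000000000000000 ]---
"""
```

Calling `find_misc_irq_warnings()` on the text of a saved `dmesg` capture returns one entry per matching trace, with the timestamp of its "Call trace" line in `ts`.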
Resolution
To address the vulnerability, the patch ensures that the misc vector is not auto-enabled when requesting an IRQ. Here is the code snippet from the patch, showing the prevention of auto-enabling the misc vector:
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index c886fe5977ad..bac1e16b6874 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -535,7 +535,9 @@ static int hns3_nic_net_open(struct net_device *netdev)
msleep(100);
/* enable misc. vector */
h->misc_vector.auto_eoi = 1;
+ if (h->pdev->revision >= x20)
+ h->misc_vector.auto_eoi = ;
+
hns_q_set_file_ro(h->dev, h->pdev);
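Review bot: the added lines in hns3_nic_net_open() only assign h->misc_vector.auto_eoi, and nothing in this hunk touches the place where the misc IRQ is requested, so it does not show the vector being kept disabled until the service task is initialized. The call trace goes through hclge_misc_irq_handle in [hclge], so the change would be expected next to that module's IRQ request, with the enable moved to after the task setup. As written the added lines are also incomplete: `h->misc_vector.auto_eoi = ;` has no value, `x20` is not a valid constant, and the unconditional `auto_eoi = 1` directly above needs a comment explaining why it is set and then conditionally reassigned.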
With this patch applied, the kernel no longer auto-enables the misc vector during IRQ requests, which eliminates the warning messages and the potentially unexpected behavior associated with the vulnerability and improves overall system security and stability.
Original References
1. Linux Kernel Mailing List: net: hns3: don't auto enable misc vector
2. Linux Kernel Source Code Repository
Conclusion
The vulnerability CVE-2025-21651 in the Linux kernel has been resolved by preventing the auto-enable of the misc vector in the "net: hns3" subsystem. This fix enhances the overall security and stability of the Linux kernel and minimizes potential unexpected behavior by mitigating interrupt handling issues. Users and organizations should apply this patch to their systems as soon as possible.
Timeline
Published on: 01/19/2025 11:15:10 UTC
Last modified on: 01/20/2025 06:30:11 UTC