CVE - CVE-2025-21799

CVE-ID
CVE-2025-21799	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() When getting the IRQ we use k3_udma_glue_tx_get_irq() which returns negative error value on error. So not NULL check is not sufficient to deteremine if IRQ is valid. Check that IRQ is greater then zero to ensure it is valid. There is no issue at probe time but at runtime user can invoke .set_channels which results in the following call chain. am65_cpsw_set_channels() am65_cpsw_nuss_update_tx_rx_chns() am65_cpsw_nuss_remove_tx_chns() am65_cpsw_nuss_init_tx_chns() At this point if am65_cpsw_nuss_init_tx_chns() fails due to k3_udma_glue_tx_get_irq() then tx_chn->irq will be set to a negative value. Then, at subsequent .set_channels with higher channel count we will attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns() leading to a kernel warning. The issue is present in the original commit that introduced this driver, although there, am65_cpsw_nuss_update_tx_rx_chns() existed as am65_cpsw_nuss_update_tx_chns().
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/4395a44acb15850e492dd1de9ec4b6479d96bc80 URL:https://git.kernel.org/stable/c/4395a44acb15850e492dd1de9ec4b6479d96bc80 MISC:https://git.kernel.org/stable/c/8448c87b3af68bebca21e3136913f7f77e363515 URL:https://git.kernel.org/stable/c/8448c87b3af68bebca21e3136913f7f77e363515 MISC:https://git.kernel.org/stable/c/88fd5db8c0073bd91d18391feb5741aeb0a2b475 URL:https://git.kernel.org/stable/c/88fd5db8c0073bd91d18391feb5741aeb0a2b475 MISC:https://git.kernel.org/stable/c/8aae91ae1c65782a169ec070e023d4d269e5d6e6 URL:https://git.kernel.org/stable/c/8aae91ae1c65782a169ec070e023d4d269e5d6e6 MISC:https://git.kernel.org/stable/c/aea5cca681d268f794fa2385f9ec26a5cce025cd URL:https://git.kernel.org/stable/c/aea5cca681d268f794fa2385f9ec26a5cce025cd
Assigning CNA
kernel.org
Date Record Created
20241229	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241229)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)