1.4 KiB
CVE-2025-21676
Description
In the Linux kernel, the following vulnerability has been resolved:net: fec: handle page_pool_dev_alloc_pages errorThe fec_enet_update_cbd function calls page_pool_dev_alloc_pages but didnot handle the case when it returned NULL. There was a WARN_ON(!new_page)but it would still proceed to use the NULL pointer and then crash.This case does seem somewhat rare but when the system is under memorypressure it can happen. One case where I can duplicate this with somefrequency is when writing over a smbd share to a SATA HDD attached to animx6q.Setting /proc/sys/vm/min_free_kbytes to higher values also seems to solvethe problem for my test case. But it still seems wrong that the fec driverignores the memory allocation error and can crash.This commit handles the allocation error by dropping the current packet.
POC
Reference
No PoCs from references.