CVE-2025-21650

7.8 HIGH

📋 TL;DR

This vulnerability in the Linux kernel's HNS3 network driver allows out-of-bounds memory access when reading TQP BAR space information. It affects systems using Huawei HNS3 network adapters with more than 1024 TQP queues, potentially leading to kernel crashes or privilege escalation. The issue occurs when the ethtool command is used to read network device registers.

💻 Affected Systems

Products:
  • Linux kernel with HNS3 network driver
Versions: Linux kernel versions before the fix commits (specific versions depend on distribution backports)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Huawei HNS3 network adapters configured with more than 1024 TQP queues. Most systems use fewer queues by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, potential privilege escalation if memory corruption can be controlled, or denial of service affecting network connectivity.

🟠

Likely Case

Kernel crash or system instability when ethtool is used on affected network interfaces, resulting in denial of service.

🟢

If Mitigated

No impact if systems don't use HNS3 network adapters with >1024 TQP queues or if ethtool register access is restricted.

🌐 Internet-Facing: LOW - This requires local access or ability to execute ethtool commands on the affected system.
🏢 Internal Only: MEDIUM - Internal users with shell access could trigger the vulnerability, potentially causing system crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to run ethtool commands. The vulnerability is triggered by reading device registers via ethtool.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 0575baa733fc4219f230aef22d5bc35d922f1e9a and 7997ddd46c54408bcba5e37fe18b4d832e45d4d4

Vendor Advisory: https://git.kernel.org/stable/c/0575baa733fc4219f230aef22d5bc35d922f1e9a

Restart Required: No

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. Rebuild kernel if using custom kernel.
4. No reboot required for driver module reload, but kernel update may require reboot.

🔧 Temporary Workarounds

Restrict ethtool access

all

Limit access to ethtool command to prevent triggering the vulnerability

chmod 750 /sbin/ethtool
setcap -r /sbin/ethtool
Use sudoers to restrict ethtool usage

Limit TQP queues

all

Configure HNS3 network adapter to use 1024 or fewer TQP queues

Check current queue count: ethtool -l <interface>
Set queue count: ethtool -L <interface> combined 1024

🧯 If You Can't Patch

  • Restrict shell access to prevent users from running ethtool commands
  • Monitor for kernel panic logs related to hclge_fetch_pf_reg and investigate any occurrences

🔍 How to Verify

Check if Vulnerable:

Check whether the system has HNS3 network interfaces, then check the kernel version against patched versions:

lspci -k | grep -i hns3
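An added example (not vendor tooling and not part of the original advisory) that turns the exposure condition above into a script: it reads the driver name from ethtool -i and the current queue count from ethtool -l, then compares the count against the 1024 threshold. It assumes the "Combined" channel count is the queue count this advisory refers to; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2025-21650 (not vendor tooling).
# The 1024 threshold is the TQP queue count named in this advisory.
TQP_LIMIT=1024

# Print the driver name from `ethtool -i` output on stdin.
driver_of() {
    awk -F': *' '$1 == "driver" { print $2; exit }'
}

# Print the current "Combined" channel count from `ethtool -l` output on
# stdin. Only "Current hardware settings" counts, not the pre-set maximum.
current_combined() {
    awk '/^Current hardware settings/ { cur = 1; next }
         cur && $1 == "Combined:" { print $2; exit }'
}

# classify DRIVER COUNT -> not-hns3 | unknown | within-limit | exposed
classify() {
    [ "$1" = "hns3" ] || { echo "not-hns3"; return 0; }
    case "$2" in ''|*[!0-9]*) echo "unknown"; return 0 ;; esac
    if [ "$2" -gt "$TQP_LIMIT" ]; then echo "exposed"; else echo "within-limit"; fi
}

# Constructed sample of `ethtool -l` output (not captured from a real host).
SAMPLE_CHANNELS='Channel parameters for eth0:
Pre-set maximums:
RX:             n/a
TX:             n/a
Combined:       1280
Current hardware settings:
RX:             n/a
TX:             n/a
Combined:       1100'

# Offline demonstration on the constructed sample.
demo() {
    classify hns3 "$(printf '%s\n' "$SAMPLE_CHANNELS" | current_combined)"
}

# Live check of one interface when a name is given; otherwise run the demo.
if [ -n "${1:-}" ]; then
    drv=$(ethtool -i "$1" | driver_of)
    cnt=$(ethtool -l "$1" | current_combined)
    echo "$1: $(classify "$drv" "$cnt")"
else
    demo
fi
```

A result of "exposed" only means the interface meets the queue-count condition; whether the running kernel carries the fix still has to be checked separately.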

Check Version:

uname -r

Verify Fix Applied:

Verify kernel contains fix commits: grep -r '0575baa733fc4219f230aef22d5bc35d922f1e9a\|7997ddd46c54408bcba5e37fe18b4d832e45d4d4' /usr/src/linux/

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages containing 'hclge_fetch_pf_reg'
  • Oops messages with call trace including hclge_fetch_pf_reg
  • System crash logs when ethtool is executed

Network Indicators:

  • Sudden network interface disappearance
  • Unexpected network service interruptions on HNS3 interfaces

SIEM Query:

source="kernel" AND ("hclge_fetch_pf_reg" OR ("Unable to handle kernel paging request" AND "hclge"))
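In a kernel oops the fault message and the call-trace frame are separate log lines, so a per-line match can miss the pairing. The following added example (not part of the original advisory) correlates the two indicators across lines of a saved kernel log; the WINDOW value, the function name and the sample log are constructed assumptions.

```shell
#!/bin/sh
# Added example: correlate the two log indicators across the separate
# lines of one kernel oops. Not part of the original advisory.
WINDOW=40   # assumption: max log lines between the fault line and the frame

# Reads kernel log text on stdin and prints one line per correlated oops:
#   <line number of fault message>:<line number of hclge_fetch_pf_reg frame>
find_hclge_oops() {
    awk -v window="$WINDOW" '
        /Unable to handle kernel paging request/ { fault = NR; next }
        /hclge_fetch_pf_reg/ && fault && NR - fault <= window {
            print fault ":" NR
            fault = 0          # report each oops only once
        }'
}

# Constructed sample log (addresses, offsets and timestamps are made up).
# The second fault has no hclge frame and must not be reported.
SAMPLE_LOG='[  101.000001] eth0: link up
[  245.310000] Unable to handle kernel paging request at virtual address ffff800012340000
[  245.310010] Internal error: Oops [#1] SMP
[  245.310020] Call trace:
[  245.310030]  hclge_fetch_pf_reg+0x138/0x250 [hclge]
[  300.000000] Unable to handle kernel paging request at virtual address 0000000000000010
[  300.000010] Call trace:
[  300.000020]  unrelated_function+0x10/0x40'

# With a file argument, scan that log; otherwise run on the sample.
if [ -n "${1:-}" ]; then
    find_hclge_oops < "$1"
else
    printf '%s\n' "$SAMPLE_LOG" | find_hclge_oops
fi
```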
