Unrated severityNVD Advisory· Published Feb 27, 2025· Updated May 4, 2025
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
CVE-2025-21800
Description
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
When bit offset for HWS_SET32 macro is negative, UBSAN complains about the shift-out-of-bounds:
UBSAN: shift-out-of-bounds in drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c:177:2 shift exponent -8 is negative
Affected products
19- osv-coords17 versionspkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
< 6.4.0-150700.53.3.1+ 16 more
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.20.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1.150700.17.2.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 1-150700.15.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.20.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.20.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.