DEBIAN-CVE-2025-23155
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix accessing freed irq affinity_hint In stmmac_request_irq_multi_msi(), a pointer to the stack variable cpu_mask is passed to irq_set_affinity_hint(). This value is stored in irq_desc->affinity_hint, but once stmmac_request_irq_multi_msi() returns, the pointer becomes dangling. The affinity_hint is exposed via procfs with S_IRUGO permissions, allowing any unprivileged process to read it. Accessing this stale pointer can lead to: - a kernel oops or panic if the referenced memory has been released and unmapped, or - leakage of kernel data into userspace if the memory is re-used for other purposes. All platforms that use stmmac with PCI MSI (Intel, Loongson, etc) are affected.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 0, 0 |
| Debian:12 | linux | 0, 6.1.106-2, 6.1.106-3 |
| Debian:14 | linux | 0, 0 |
| Debian:11 | linux-6.1 | 0, 6.1.106-3~deb11u1, 6.1.106-3~deb11u2 |
Timeline
- May 1, 2025 CVE Published
- Apr 28, 2026 CVE Updated