{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T03:50:32.369","vulnerabilities":[{"cve":{"id":"CVE-2025-21650","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-01-19T11:15:10.630","lastModified":"2025-10-01T20:18:16.897","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue\n\nThe TQP BAR space is divided into two segments. TQPs 0-1023 and TQPs\n1024-1279 are in different BAR space addresses. However,\nhclge_fetch_pf_reg does not distinguish the tqp space information when\nreading the tqp space information. When the number of TQPs is greater\nthan 1024, access bar space overwriting occurs.\nThe problem of different segments has been considered during the\ninitialization of tqp.io_base. Therefore, tqp.io_base is directly used\nwhen the queue is read in hclge_fetch_pf_reg.\n\nThe error message:\n\nUnable to handle kernel paging request at virtual address ffff800037200000\npc : hclge_fetch_pf_reg+0x138/0x250 [hclge]\nlr : hclge_get_regs+0x84/0x1d0 [hclge]\nCall trace:\n hclge_fetch_pf_reg+0x138/0x250 [hclge]\n hclge_get_regs+0x84/0x1d0 [hclge]\n hns3_get_regs+0x2c/0x50 [hns3]\n ethtool_get_regs+0xf4/0x270\n dev_ethtool+0x674/0x8a0\n dev_ioctl+0x270/0x36c\n sock_do_ioctl+0x110/0x2a0\n sock_ioctl+0x2ac/0x530\n __arm64_sys_ioctl+0xa8/0x100\n invoke_syscall+0x4c/0x124\n el0_svc_common.constprop.0+0x140/0x15c\n do_el0_svc+0x30/0xd0\n el0_svc+0x1c/0x2c\n el0_sync_handler+0xb0/0xb4\n el0_sync+0x168/0x180"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net:hns3: se ha corregido el problema de que hclge_fetch_pf_reg accede al espacio de la barra fuera de los límites El espacio BAR de TQP se divide en dos segmentos. Los TQP 0-1023 y los TQP 1024-1279 están en diferentes direcciones de espacio BAR. Sin embargo, hclge_fetch_pf_reg no distingue la información del espacio tqp al leer la información del espacio tqp. Cuando el número de TQP es mayor que 1024, se produce una sobrescritura del espacio de la barra de acceso. El problema de los diferentes segmentos se ha considerado durante la inicialización de tqp.io_base. Por lo tanto, tqp.io_base se utiliza directamente cuando se lee la cola en hclge_fetch_pf_reg. Mensaje de error: No se puede gestionar la solicitud de paginación del núcleo en la dirección virtual ffff800037200000 pc : hclge_fetch_pf_reg+0x138/0x250 [hclge] lr : hclge_get_regs+0x84/0x1d0 [hclge] Call trace: hclge_fetch_pf_reg+0x138/0x250 [hclge] hclge_get_regs+0x84/0x1d0 [hclge] hns3_get_regs+0x2c/0x50 [hns3] ethtool_get_regs+0xf4/0x270 dev_ethtool+0x674/0x8a0 dev_ioctl+0x270/0x36c sock_do_ioctl+0x110/0x2a0 sock_ioctl+0x2ac/0x530 __arm64_sys_ioctl+0xa8/0x100 invoke_syscall+0x4c/0x124 el0_svc_common.constprop.0+0x140/0x15c do_el0_svc+0x30/0xd0 el0_svc+0x1c/0x2c el0_sync_handler+0xb0/0xb4 el0_sync+0x168/0x180 "}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.16","versionEndExcluding":"6.5","matchCriteriaId":"A5099559-2D15-42A5-A561-71B34FEFF36F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5.3","versionEndExcluding":"6.12.10","matchCriteriaId":"027A0A90-C67C-4EB4-8FF4-E9701C342DF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*","matchCriteriaId":"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*","matchCriteriaId":"5A073481-106D-4B15-B4C7-FB0213B8E1D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*","matchCriteriaId":"DE491969-75AE-4A6B-9A58-8FC5AF98798F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*","matchCriteriaId":"93C0660D-7FB8-4FBA-892A-B064BA71E49E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*","matchCriteriaId":"034C36A6-C481-41F3-AE9A-D116E5BE6895"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*","matchCriteriaId":"8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0575baa733fc4219f230aef22d5bc35d922f1e9a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7997ddd46c54408bcba5e37fe18b4d832e45d4d4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}