CVE-2025-21961

Summary

CVE-2025-21961 is a vulnerability in the Linux kernel affecting the bnxt network driver. Specifically, when mb-xdp is set and XDP_PASS is returned, the truesize argument is incorrectly passed to xdp_update_skb_shared_info(). This issue occurs due to sinfo being wiped by napi_build_skb() before bnxt_xdp_build_skb() is called. As a result, an incorrect truesize value is used, leading to potential memory corruption. This vulnerability can be exploited through a crafted packet using the XDP mode, potentially leading to denial of service or code injection attacks. To reproduce the issue, one can set up two nodes with the specified interfaces and use a large ping packet size. This vulnerability has been resolved in newer Linux kernel versions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.