Description
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix accessing freed irq affinity_hint In stmmac_request_irq_multi_msi(), a pointer to the stack variable cpu_mask is passed to irq_set_affinity_hint(). This value is stored in irq_desc->affinity_hint, but once stmmac_request_irq_multi_msi() returns, the pointer becomes dangling. The affinity_hint is exposed via procfs with S_IRUGO permissions, allowing any unprivileged process to read it. Accessing this stale pointer can lead to: - a kernel oops or panic if the referenced memory has been released and unmapped, or - leakage of kernel data into userspace if the memory is re-used for other purposes. All platforms that use stmmac with PCI MSI (Intel, Loongson, etc) are affected.
Product status
8deec94c6040bb4a767f6e9456a0a44c7f2e713e (git) before 960dab23f6d405740c537d095f90a4ee9ddd9285
8deec94c6040bb4a767f6e9456a0a44c7f2e713e (git) before 442312c2a90d60c7a5197246583fa91d9e579985
8deec94c6040bb4a767f6e9456a0a44c7f2e713e (git) before e148266e104fce396ad624079a6812ac3a9982ef
8deec94c6040bb4a767f6e9456a0a44c7f2e713e (git) before 9e51a6a44e2c4de780a26e8fe110d708e806a8cd
8deec94c6040bb4a767f6e9456a0a44c7f2e713e (git) before c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef
5.13
Any version before 5.13
6.6.117 (semver)
6.12.36 (semver)
6.13.12 (semver)
6.14.3 (semver)
6.15 (original_commit_for_fix)
References
git.kernel.org/...c/960dab23f6d405740c537d095f90a4ee9ddd9285
git.kernel.org/...c/442312c2a90d60c7a5197246583fa91d9e579985
git.kernel.org/...c/e148266e104fce396ad624079a6812ac3a9982ef
git.kernel.org/...c/9e51a6a44e2c4de780a26e8fe110d708e806a8cd
git.kernel.org/...c/c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
