{"id":"CVE-2025-21806","summary":"net: let net.core.dev_weight always be non-zero","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: let net.core.dev_weight always be non-zero\n\nThe following problem was encountered during stability test:\n\n(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \\\n\treturned 1, exceeding its budget of 0.\n------------[ cut here ]------------\nlist_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \\\n\tnext=ffff88905f746e40.\nWARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \\\n\t__list_add_valid_or_report+0xf3/0x130\nCPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+\nRIP: 0010:__list_add_valid_or_report+0xf3/0x130\nCall Trace:\n? __warn+0xcd/0x250\n? __list_add_valid_or_report+0xf3/0x130\nenqueue_to_backlog+0x923/0x1070\nnetif_rx_internal+0x92/0x2b0\n__netif_rx+0x15/0x170\nloopback_xmit+0x2ef/0x450\ndev_hard_start_xmit+0x103/0x490\n__dev_queue_xmit+0xeac/0x1950\nip_finish_output2+0x6cc/0x1620\nip_output+0x161/0x270\nip_push_pending_frames+0x155/0x1a0\nraw_sendmsg+0xe13/0x1550\n__sys_sendto+0x3bf/0x4e0\n__x64_sys_sendto+0xdc/0x1b0\ndo_syscall_64+0x5b/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reproduction command is as follows:\n  sysctl -w net.core.dev_weight=0\n  ping 127.0.0.1\n\nThis is because when the napi's weight is set to 0, process_backlog() may\nreturn 0 and clear the NAPI_STATE_SCHED bit of napi-\u003estate, causing this\nnapi to be re-polled in net_rx_action() until __do_softirq() times out.\nSince the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can\nbe retriggered in enqueue_to_backlog(), causing this issue.\n\nMaking the napi's weight always non-zero solves this problem.\n\nTriggering this issue requires system-wide admin (setting is\nnot namespaced).","modified":"2026-05-07T04:17:33.019099Z","published":"2025-02-27T20:00:58.918Z","related":["ALSA-2025:20518","SUSE-SU-2025:01600-1","SUSE-SU-2025:01614-1","SUSE-SU-2025:01707-1","SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20206-1","SUSE-SU-2025:20270-1","SUSE-SU-2025:20283-1","USN-7521-2"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21806.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0e2f1d93d287d544d26f8ff293ea820a8079b9f8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1489824e5226a26841c70639ebd2d1aed390764b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/33e2168788f8fb5cb8bd4f36cb1ef37d1d34dada"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5860abbf15eeb61838b5e32e721ba67b0aa84450"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6ce38b5a6a49e65bad163162a54cb3f104c40b48"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c337c08819a4ec49edfdcd8fc46fbee120d8a5b2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d0e0f9c8218826926d7692980c98236d9f21fd3c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d1f9f79fa2af8e3b45cffdeef66e05833480148a"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21806.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21806"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e3876605450979fe52a1a03e7eb78a89bf59e76a"},{"fixed":"d0e0f9c8218826926d7692980c98236d9f21fd3c"},{"fixed":"c337c08819a4ec49edfdcd8fc46fbee120d8a5b2"},{"fixed":"0e2f1d93d287d544d26f8ff293ea820a8079b9f8"},{"fixed":"5860abbf15eeb61838b5e32e721ba67b0aa84450"},{"fixed":"6ce38b5a6a49e65bad163162a54cb3f104c40b48"},{"fixed":"33e2168788f8fb5cb8bd4f36cb1ef37d1d34dada"},{"fixed":"1489824e5226a26841c70639ebd2d1aed390764b"},{"fixed":"d1f9f79fa2af8e3b45cffdeef66e05833480148a"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21806.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.12"},{"fixed":"5.4.291"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.235"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.179"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.129"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.76"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.13"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.13.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21806.json"}}],"schema_version":"1.7.5"}