{"id":"CVE-2025-23155","summary":"net: stmmac: Fix accessing freed irq affinity_hint","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Fix accessing freed irq affinity_hint\n\nIn stmmac_request_irq_multi_msi(), a pointer to the stack variable\ncpu_mask is passed to irq_set_affinity_hint(). This value is stored in\nirq_desc-\u003eaffinity_hint, but once stmmac_request_irq_multi_msi()\nreturns, the pointer becomes dangling.\n\nThe affinity_hint is exposed via procfs with S_IRUGO permissions,\nallowing any unprivileged process to read it. Accessing this stale\npointer can lead to:\n\n- a kernel oops or panic if the referenced memory has been released and\n  unmapped, or\n- leakage of kernel data into userspace if the memory is re-used for\n  other purposes.\n\nAll platforms that use stmmac with PCI MSI (Intel, Loongson, etc) are\naffected.","modified":"2026-04-24T06:42:50.481002153Z","published":"2025-05-01T12:55:41.607Z","related":["SUSE-SU-2025:02249-1","SUSE-SU-2025:02254-1","SUSE-SU-2025:02307-1","SUSE-SU-2025:02333-1","SUSE-SU-2025:02335-1","SUSE-SU-2025:02538-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20421-1","SUSE-SU-2025:3716-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23155.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2fbf67ddb8a0d0efc00d2df496a9843ec318d48b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/442312c2a90d60c7a5197246583fa91d9e579985"},{"type":"WEB","url":"https://git.kernel.org/stable/c/960dab23f6d405740c537d095f90a4ee9ddd9285"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9e51a6a44e2c4de780a26e8fe110d708e806a8cd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e148266e104fce396ad624079a6812ac3a9982ef"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23155.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23155"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8deec94c6040bb4a767f6e9456a0a44c7f2e713e"},{"fixed":"2fbf67ddb8a0d0efc00d2df496a9843ec318d48b"},{"fixed":"960dab23f6d405740c537d095f90a4ee9ddd9285"},{"fixed":"442312c2a90d60c7a5197246583fa91d9e579985"},{"fixed":"e148266e104fce396ad624079a6812ac3a9982ef"},{"fixed":"9e51a6a44e2c4de780a26e8fe110d708e806a8cd"},{"fixed":"c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23155.json"}}],"schema_version":"1.7.5"}