CVE-2025-21629— net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
Affected Version Matrix 22
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a84978a9cda68f0afe3f01d476c68db21526baf1< ac9cfef69565021c9e1022a493a9c40b03e2caf9 | affected |
c69bc67c1cb211aa390bea6e512bb01b1241fefb< 95ccf006bbc8b59044313b8c309dcf29c546abd4 | affected | ||
04c20a9356f283da623903e81e7c6d5df7e4dc3c< d3b7a9c7597b779039a51d7b34116fbe424bf2b7 | affected | ||
04c20a9356f283da623903e81e7c6d5df7e4dc3c< 68e068cabd2c6c533ef934c2e5151609cf6ecc6d | affected | ||
bcefc3cd7f592a70fcbbbfd7ad1fbc69172ea78b | affected | ||
477b35d94a21530046fe91589960732fcf2b29ed | affected | ||
a27a5c40ee4cbe00294e2c76160de5f2589061ba | affected | ||
9f605135a5c0fe614c2b15197b9ced1e217eca59 | affected | ||
| … +14 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-21629
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets The blamed commit disabled hardware offoad of IPv6 packets with extension headers on devices that advertise NETIF_F_IPV6_CSUM, based on the definition of that feature in skbuff.h: * * - %NETIF_F_IPV6_CSUM * - Driver (device) is only able to checksum plain * TCP or UDP packets over IPv6. These are specifically * unencapsulated packets of the form IPv6|TCP or * IPv6|UDP where the Next Header field in the IPv6 * header is either TCP or UDP. IPv6 extension headers * are not supported with this feature. This feature * cannot be set in features for a device with * NETIF_F_HW_CSUM also set. This feature is being * DEPRECATED (see below). The change causes skb_warn_bad_offload to fire for BIG TCP packets. [ 496.310233] WARNING: CPU: 13 PID: 23472 at net/core/dev.c:3129 skb_warn_bad_offload+0xc4/0xe0 [ 496.310297] ? skb_warn_bad_offload+0xc4/0xe0 [ 496.310300] skb_checksum_help+0x129/0x1f0 [ 496.310303] skb_csum_hwoffload_help+0x150/0x1b0 [ 496.310306] validate_xmit_skb+0x159/0x270 [ 496.310309] validate_xmit_skb_list+0x41/0x70 [ 496.310312] sch_direct_xmit+0x5c/0x250 [ 496.310317] __qdisc_run+0x388/0x620 BIG TCP introduced an IPV6_TLV_JUMBO IPv6 extension header to communicate packet length, as this is an IPv6 jumbogram. But, the feature is only enabled on devices that support BIG TCP TSO. The header is only present for PF_PACKET taps like tcpdump, and not transmitted by physical devices. For this specific case of extension headers that are not transmitted, return to the situation before the blamed commit and support hardware offload. ipv6_has_hopopt_jumbo() tests not only whether this header is present, but also that it is the only extension header before a terminal (L4) header.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于net组件存在IPv6扩展头处理问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-21629
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-21629
请登录查看更多情报信息。
Patches & Fixes for CVE-2025-21629 (4)
Same Patch Batch · Linux · 2025-01-15 · 32 CVEs total
| CVE-2024-57898 | wifi: cfg80211: clear link ID from bitmap during link delete after clean up | |
| CVE-2024-57857 | RDMA/siw: Remove direct link to net_device | |
| CVE-2024-57844 | drm/xe: Fix fault on fd close after unbind | |
| CVE-2024-57841 | net: fix memory leak in tcp_conn_request() | |
| CVE-2024-57802 | netrom: check buffer length before accessing it | |
| CVE-2024-57801 | net/mlx5e: Skip restore TC rules for vport rep without loaded flag | |
| CVE-2024-57795 | RDMA/rxe: Remove the direct link to net_device | |
| CVE-2024-54031 | netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext | |
| CVE-2024-53681 | nvmet: Don't overflow subsysnqn | |
| CVE-2024-39282 | net: wwan: t7xx: Fix FSM command timeout issue | |
| CVE-2024-36476 | RDMA/rtrs: Ensure 'ib_sge list' is accessible | |
| CVE-2024-57903 | net: restrict SO_REUSEPORT to inet sockets | |
| CVE-2024-57901 | af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK | |
| CVE-2024-57902 | af_packet: fix vlan_get_tci() vs MSG_PEEK | |
| CVE-2024-57900 | ila: serialize calls to nf_register_net_hooks() | |
| CVE-2024-57899 | wifi: mac80211: fix mbss changed flags corruption on 32 bit systems | |
| CVE-2024-57882 | mptcp: fix TCP options overflow. | |
| CVE-2024-57897 | drm/amdkfd: Correct the migration DMA map direction | |
| CVE-2024-57896 | btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount | |
| CVE-2024-57895 | ksmbd: set ATTR_CTIME flags when setting mtime |
Showing top 20 of 32 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2025-21629
No comments yet