CVE-2025-22060
net: mvpp2: Prevent parser TCAM memory corruption
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
16 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
net: mvpp2: Prevent parser TCAM memory corruption
Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM
information, from concurrent modifications.
Both the TCAM and SRAM tables are indirectly accessed by configuring
an index register that selects the row to read or write to. This means
that operations must be atomic in order to, e.g., avoid spreading
writes across multiple rows. Since the shadow SRAM array is used to
find free rows in the hardware table, it must also be protected in
order to avoid TOCTOU errors where multiple cores allocate the same
row.
This issue was detected in a situation where `mvpp2_set_rx_mode()` ran
concurrently on two CPUs. In this particular case the
MVPP2_PE_MAC_UC_PROMISCUOUS entry was corrupted, causing the
classifier unit to drop all incoming unicast - indicated by the
`rx_classifier_drops` counter.
Affected products
Linux · LinuxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://git.kernel.org/stable/c/46c1e23e34c9d1eaadf37f88216d9d8ce0d0bceehttps://git.kernel.org/stable/c/5b0ae1723a7d9574ae1aee7d9cf9757a30069865https://git.kernel.org/stable/c/96844075226b49af25a69a1d084b648ec2d9b08dhttps://git.kernel.org/stable/c/b3f48a41a00d6d8d9c6fe09ae47dd21c8c1c8b03https://git.kernel.org/stable/c/e3711163d14d02af9005e4cdad30899c565f13fbhttps://git.kernel.org/stable/c/e64e9b6e86b39db3baa576fd73da73533b54cb2dhttps://git.kernel.org/stable/c/fcbfb54a0269875cf3cd6a2bff4f85a2e0a0b552https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html