Cyber Resilience

CVE-2025-21800

High

Published: 27 February 2025
Modified: 29 October 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-21800 is a high-severity vulnerability, with no weakness class specified, in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 29.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2025-21800 is a vulnerability in the Linux kernel's net/mlx5 driver, specifically in the HWS definer component. When the HWS_SET32 macro receives a negative bit offset, it performs a shift by a negative amount, which UBSAN reports as a shift-out-of-bounds condition. The report points to drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c, line 177, with a shift exponent of -8; shifting by a negative count is undefined behavior in C.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows high impacts on confidentiality, integrity, and availability, as scored at CVSS 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The unchanged scope indicates potential for severe local effects, such as kernel crashes or code execution within the mlx5 HWS context.

Mitigation involves applying kernel patches from the provided stable commits: https://git.kernel.org/stable/c/69c676c0ded472713e6d1b3a456b3c4f52f66f0e, https://git.kernel.org/stable/c/92cff996624c4757d5bbace3dfa3f1567ba94143, and https://git.kernel.org/stable/c/be482f1d10da781db9445d2753c1e3f1fd82babf. These fixes resolve the negative offset handling in the HWS_SET32 macro.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset

When bit offset for HWS_SET32 macro is negative, UBSAN complains about the shift-out-of-bounds:

UBSAN: shift-out-of-bounds in drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c:177:2
shift exponent -8 is negative

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel vulnerability enabling code execution and privilege escalation via exploitation of the mlx5 driver flaw.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152 · Same product: Linux Linux Kernel
CVE-2026-23111 · Same product: Linux Linux Kernel
CVE-2026-31530 · Same product: Linux Linux Kernel
CVE-2026-23387 · Same product: Linux Linux Kernel
CVE-2025-21856 · Same product: Linux Linux Kernel
CVE-2025-21727 · Same product: Linux Linux Kernel
CVE-2026-23275 · Same product: Linux Linux Kernel
CVE-2026-31401 · Same product: Linux Linux Kernel
CVE-2024-57980 · Same product: Linux Linux Kernel
CVE-2026-23437 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.12 — 6.12.13 · 6.13 — 6.13.2
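
A triage check for the version ranges listed above, as an added example that is not part of the advisory or of any kernel tooling. The function names and status labels are hypothetical, both ends of each range are assumed inclusive because the page does not say, and `mlx5_core` is assumed to be the module name under which the net/mlx5 driver appears in /proc/modules.

```shell
#!/bin/sh
# Added example, not part of the advisory. Classifies a kernel release string
# against the ranges listed above: 6.12 - 6.12.13 and 6.13 - 6.13.2.
# Assumption: both ends of each listed range are treated as inclusive.

# Succeeds (exit 0) when the release falls inside a listed range.
kernel_in_listed_range() {
    rel=${1%%[-+]*}                  # drop local suffix: 6.12.9-amd64 -> 6.12.9
    major=${rel%%.*}
    rest=${rel#*.}
    case $rest in
        *.*) minor=${rest%%.*}; patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   minor=$rest; patch=0 ;;   # "6.12" means patch level 0
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac   # not a parsable release
    done
    [ "$major" -eq 6 ] || return 1
    case $minor in
        12) [ "$patch" -le 13 ] ;;
        13) [ "$patch" -le 2 ] ;;
        *)  return 1 ;;
    esac
}

# Succeeds when the mlx5 core module (assumed name: mlx5_core) appears in a
# /proc/modules-style file.
mlx5_loaded() {
    grep -q '^mlx5_core ' "$1" 2>/dev/null
}

# Prints one triage label for a release string and an optional modules file.
cve_2025_21800_status() {
    if ! kernel_in_listed_range "$1"; then
        echo "outside-listed-range"
    elif mlx5_loaded "${2:-/proc/modules}"; then
        echo "in-range-mlx5-loaded"
    else
        echo "in-range-mlx5-not-loaded"
    fi
}

# Report for the running host.
cve_2025_21800_status "$(uname -r)"
```

Distribution kernels often backport fixes without changing the upstream version number, so treat the label as a prompt to check the vendor's advisory rather than as proof of exposure.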

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mandates obtaining, assessing, and applying patches for known kernel flaws like the negative bit offset shift-out-of-bounds in mlx5 HWS_SET32 macro.

prevent

Vulnerability scanning and monitoring identifies deployed Linux kernels vulnerable to CVE-2025-21800 in the mlx5 driver for prioritized remediation.

prevent

Security alerts and directives from sources like kernel stable repositories ensure awareness of CVE-2025-21800 and required patching commits.

References