joseogando, thanks for the analysis!

It does look like it crashes in the same function but the caller is
different (i.e. not tcf_exts_miss_cookie_base_alloc but tc_new_tfilter).

May 02 07:19:29 <redacted>-bf3-a kernel: Call trace:
May 02 07:19:29 <redacted>-bf3-a kernel: tcf_action_init+0x200/0x340
May 02 07:19:29 <redacted>-bf3-a kernel: tcf_exts_validate+0x16c/0x184
May 02 07:19:29 <redacted>-bf3-a kernel: fl_set_parms+0x6c/0x5f0 [cls_flower]
May 02 07:19:29 <redacted>-bf3-a kernel: fl_change+0x3a0/0xc2c [cls_flower]
May 02 07:19:29 <redacted>-bf3-a kernel: tc_new_tfilter+0x2f4/0x8bc

https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-bluefield/+git/jammy/tree/net/sched/cls_api.c?h=Ubuntu-bluefield-5.15.0-1050.52#n2277
        err = tp->ops->change(net, skb, tp, cl, t->tcm_handle, tca, &fh,
                              flags, extack);

https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-bluefield/+git/jammy/tree/net/sched/cls_flower.c?h=Ubuntu-bluefield-5.15.0-1050.52#n2100
 fl_change
        err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE],
                           tp->chain->tmplt_priv, flags, extack);


https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-bluefield/+git/jammy/tree/net/sched/cls_flower.c?h=Ubuntu-bluefield-5.15.0-1050.52#n1957
 fl_set_parms
        err = tcf_exts_validate(net, tp, tb, est, &f->exts, flags, extack);

https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-bluefield/+git/jammy/tree/net/sched/cls_api.c?h=Ubuntu-bluefield-5.15.0-1050.52#n3262
 tcf_exts_validate
                        err = tcf_action_init(net, tp, tb[exts->action],
                                              rate_tlv, exts->actions, init_res,
                                              &attr_size, flags, extack);


https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-bluefield/+git/jammy/tree/net/sched/act_api.c?h=Ubuntu-bluefield-5.15.0-1050.52#n1079
 tcf_action_init


So I think you are right. It looked similar but it's not the same.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2109993

Title:
  linux-bluefield is vulnerable to CVE-2025-21857
