Improper Validation of Specified Type of Input in libperf | CVE-2025-21954

Threat Intelligence

0.09% (25^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RHEL10-LIBPERF-11311856
published30 Jul 2025
disclosed1 Apr 2025

Report a new vulnerability Found a mistake?

Introduced: 1 Apr 2025

CVE-2025-21954 (opens in a new tab) CWE-1287 (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libperf package and not the libperf package as distributed by RHEL.

In the Linux kernel, the following vulnerability has been resolved:

netmem: prevent TX of unreadable skbs

Currently on stable trees we have support for netmem/devmem RX but not TX. It is not safe to forward/redirect an RX unreadable netmem packet into the device's TX path, as the device may call dma-mapping APIs on dma addrs that should not be passed to it.

Fix this by preventing the xmit of unreadable skbs.

Tested by configuring tc redirect:

sudo tc qdisc add dev eth1 ingress sudo tc filter add dev eth1 ingress protocol ip prio 1 flower ip_proto
tcp src_ip 192.168.1.12 action mirred egress redirect dev eth1

Before, I see unreadable skbs in the driver's TX path passed to dma mapping APIs.

After, I don't see unreadable skbs in the driver's TX path passed to dma mapping APIs.

Improper Validation of Specified Type of Input The advisory has been revoked - it doesn't affect any version of package libperf (opens in a new tab)

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 1 Apr 2025

Amendment

NVD Description

References