Hello Dimitrii! I just noticed that the commit that introduced the CVE hasn't even landed in the mentioned kernel.
We introduced it to the tree 5 days ago https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux- bluefield/+git/jammy/commit/net/sched/cls_api.c?h=master- next&id=26fddd808c6c44274d571d9b15e5b29eb0a84cdc So yes, by introducing the patch we will likely make it vulnerable to that CVE, but at this point, it isn't. Perhaps I am mistaken but my conclusion would be that your null pointer dereference is caused by something else. FWIW, the docker file you shared is usign 1060 version of the bluefield kernel - I think that is fairly old. If this is expected to be used as the Docker file is describing, I would recommend contacting NVIDIA support. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2109993 Title: linux-bluefield is vulnerable to CVE-2025-21857 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2109993/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
