CVE-2025-21638

Summary

In the Linux kernel, the following vulnerability has been resolved:

sctp: sysctl: auth_enable: avoid using current->nsproxy

As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons:

  • Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns.

  • current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2).

The 'net' structure can be obtained from the table->data using container_of().

Note that table->data could also be used directly, but that would increase the size of this fix, while 'sctp.ctl_sock' still needs to be retrieved from 'net' structure.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb14878ccb7fac0242db82720b784ab62c467c0dc < cf387cdebfaebae228dfba162f94c567a67610c3affected
LinuxLinuxb14878ccb7fac0242db82720b784ab62c467c0dc < dc583e7e5f8515ca489c0df28e4362a70eade382affected
LinuxLinuxb14878ccb7fac0242db82720b784ab62c467c0dc < bd2a2939423566c654545fa3e96a656662a0af9eaffected
LinuxLinuxb14878ccb7fac0242db82720b784ab62c467c0dc < 1b67030d39f2b00f94ac1f0af11ba6657589e4d3affected
LinuxLinuxb14878ccb7fac0242db82720b784ab62c467c0dc < 7ec30c54f339c640aa7e49d7e9f7bbed6bd42bf6affected
LinuxLinuxb14878ccb7fac0242db82720b784ab62c467c0dc < c184bc621e3cef03ac9ba81a50dda2dae6a21d36affected
LinuxLinuxb14878ccb7fac0242db82720b784ab62c467c0dc < 15649fd5415eda664ef35780c2013adeb5d9c695affected
LinuxLinuxe5eae4a0511241959498b180fa0df0d4f1b11b9caffected
LinuxLinux88830f227a1f96e44d82ddfcb0cc81d517ec6dd8affected
LinuxLinux3938b0336a93fa5faa242dc9e5823ac69df9e066affected
LinuxLinux3.10.41 < 3.11affected
LinuxLinux3.12.21 < 3.13affected
LinuxLinux3.14.5 < 3.15affected
LinuxLinux3.15affected
LinuxLinux0 < 3.15unaffected
LinuxLinux5.4.292 <= 5.4.*unaffected
LinuxLinux5.10.234 <= 5.10.*unaffected
LinuxLinux5.15.177 <= 5.15.*unaffected
LinuxLinux6.1.125 <= 6.1.*unaffected
LinuxLinux6.6.72 <= 6.6.*unaffected
LinuxLinux6.12.10 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References