CVE-2025-21640

Summary

In the Linux kernel, the following vulnerability has been resolved:

sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy

As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons:

  • Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns.

  • current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2).

The 'net' structure can be obtained from the table->data using container_of().

Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is used.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3c68198e75111a905ac2412be12bf7b29099729b < 5599b212d2f4466e1832a94e9932684aaa364587affected
LinuxLinux3c68198e75111a905ac2412be12bf7b29099729b < 03ca51faba2b017bf6c90e139434c4117d0afcdcaffected
LinuxLinux3c68198e75111a905ac2412be12bf7b29099729b < 86ddf8118123cb58a0fb8724cad6979c4069065baffected
LinuxLinux3c68198e75111a905ac2412be12bf7b29099729b < 3cd0659deb9c03535fd61839e91d4d4d3e51ac71affected
LinuxLinux3c68198e75111a905ac2412be12bf7b29099729b < ad673e514b2793b8d5902f6ba6ab7e890dea23d5affected
LinuxLinux3c68198e75111a905ac2412be12bf7b29099729b < f0bb3935470684306e4e04793a20ac4c4b08de0baffected
LinuxLinux3c68198e75111a905ac2412be12bf7b29099729b < ea62dd1383913b5999f3d16ae99d411f41b528d4affected
LinuxLinux3.8affected
LinuxLinux0 < 3.8unaffected
LinuxLinux5.4.292 <= 5.4.*unaffected
LinuxLinux5.10.234 <= 5.10.*unaffected
LinuxLinux5.15.177 <= 5.15.*unaffected
LinuxLinux6.1.125 <= 6.1.*unaffected
LinuxLinux6.6.72 <= 6.6.*unaffected
LinuxLinux6.12.10 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References