CVE-2025-21719
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipmr: do not call mr_mfc_uses_dev() for unres entries
syzbot found that calling mr_mfc_uses_dev() for unres entries would crash [1], because c->mfc_un.res.minvif / c->mfc_un.res.maxvif alias to "struct sk_buff_head unresolved", which contain two pointers.
This code never worked, lets remove it.
[1] Unable to handle kernel paging request at virtual address ffff5fff2d536613 KASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f] Modules linked in: CPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=–) pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline] lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334 Call trace: mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P) mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P) mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382 ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648 rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327 rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791 netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317 netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973 sock_recvmsg_nosec net/socket.c:1033 [inline] sock_recvmsg net/socket.c:1055 [inline] sock_read_iter+0x2d8/0x40c net/socket.c:1125 new_sync_read fs/read_write.c:484 [inline] vfs_read+0x740/0x970 fs/read_write.c:565 ksys_read+0x15c/0x26c fs/read_write.c:708
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | cb167893f41e21e6bd283d78e53489289dc0592d < 71a0fcb68c0a5f3ec912b540cd5d72148e6ee5f1 | affected |
| Linux | Linux | cb167893f41e21e6bd283d78e53489289dc0592d < 53df27fd38f84bd3cd6b004eb4ff3c4903114f1d | affected |
| Linux | Linux | cb167893f41e21e6bd283d78e53489289dc0592d < 547ef7e8cbb98f966c8719a3e15d4e078aaa9b47 | affected |
| Linux | Linux | cb167893f41e21e6bd283d78e53489289dc0592d < 57177c5f47a8da852f8d76cf6945cf803f8bb9e5 | affected |
| Linux | Linux | cb167893f41e21e6bd283d78e53489289dc0592d < b379b3162ff55a70464c6a934ae9bf0497478a62 | affected |
| Linux | Linux | cb167893f41e21e6bd283d78e53489289dc0592d < a099834a51ccf9bbba3de86a251b3433539abfde | affected |
| Linux | Linux | cb167893f41e21e6bd283d78e53489289dc0592d < 26bb7d991f04eeef47dfad23e533834995c26f7a | affected |
| Linux | Linux | cb167893f41e21e6bd283d78e53489289dc0592d < 15a901361ec3fb1c393f91880e1cbf24ec0a88bd | affected |
| Linux | Linux | 4.20 | affected |
| Linux | Linux | 0 < 4.20 | unaffected |
| Linux | Linux | 5.4.291 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.235 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.179 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.129 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.76 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.13 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.2 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Additional References
References
- https://git.kernel.org/stable/c/71a0fcb68c0a5f3ec912b540cd5d72148e6ee5f1
- https://git.kernel.org/stable/c/53df27fd38f84bd3cd6b004eb4ff3c4903114f1d
- https://git.kernel.org/stable/c/547ef7e8cbb98f966c8719a3e15d4e078aaa9b47
- https://git.kernel.org/stable/c/57177c5f47a8da852f8d76cf6945cf803f8bb9e5
- https://git.kernel.org/stable/c/b379b3162ff55a70464c6a934ae9bf0497478a62
- https://git.kernel.org/stable/c/a099834a51ccf9bbba3de86a251b3433539abfde
- https://git.kernel.org/stable/c/26bb7d991f04eeef47dfad23e533834995c26f7a
- https://git.kernel.org/stable/c/15a901361ec3fb1c393f91880e1cbf24ec0a88bd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.