CVE-2025-21749

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: rose: lock the socket in rose_bind()

syzbot reported a soft lockup in rose_loopback_timer(), with a repro calling bind() from multiple threads.

rose_bind() must lock the socket to avoid this issue.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b8bf5c3fb778bbb1f3ff7d98ec577c969f687513affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ed00c5f907d08a647b8bf987514ad8c6b17971a7affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d308661a0f4e7c8e86dfc7074a55ee5894c61538affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 667f61b3498df751c8b3f0be1637e7226cbe3ed0affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < e0384efd45f615603e6869205b72040c209e69ccaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 970cd2ed26cdab2b0f15b6d90d7eaa36538244a5affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4c04b0ab3a647e76d0e752b013de8e404abafc63affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a1300691aed9ee852b0a9192e29e2bdc2411a7e6affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux5.4.291 <= 5.4.*unaffected
LinuxLinux5.10.235 <= 5.10.*unaffected
LinuxLinux5.15.179 <= 5.15.*unaffected
LinuxLinux6.1.129 <= 6.1.*unaffected
LinuxLinux6.6.78 <= 6.6.*unaffected
LinuxLinux6.12.14 <= 6.12.*unaffected
LinuxLinux6.13.3 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References