CVE-2025-21758

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv6: mcast: add RCU protection to mld_newpack()

mld_newpack() can be called without RTNL or RCU being held.

Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.

Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 29fa42197f26a97cde29fa8c40beddf44ea5c8f3affected
LinuxLinuxb8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < e8af3632a7f2da83e27b083f787bced1faba00b1affected
LinuxLinuxb8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 1b91c597b0214b1b462eb627ec02658c944623f2affected
LinuxLinuxb8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 25195f9d5ffcc8079ad743a50c0409dbdc48d98aaffected
LinuxLinuxb8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < d60d493b0e65647e0335e6a7c4547abcea7df8e9affected
LinuxLinuxb8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < a527750d877fd334de87eef81f1cb5f0f0ca3373affected
LinuxLinux2.6.26affected
LinuxLinux0 < 2.6.26unaffected
LinuxLinux5.15.179 <= 5.15.*unaffected
LinuxLinux6.1.129 <= 6.1.*unaffected
LinuxLinux6.6.79 <= 6.6.*unaffected
LinuxLinux6.12.16 <= 6.12.*unaffected
LinuxLinux6.13.4 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References