CVE-2025-21759

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv6: mcast: extend RCU protection in igmp6_send()

igmp6_send() can be called without RTNL or RCU being held.

Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF.

Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.

Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5aaffected
LinuxLinuxb8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 0bf8e2f3768629d437a32cb824149e6e98254381affected
LinuxLinuxb8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 8e92d6a413feaf968a33f0b439ecf27404407458affected
LinuxLinuxb8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 087c1faa594fa07a66933d750c0b2610aa1a2946affected
LinuxLinux2.6.26affected
LinuxLinux0 < 2.6.26unaffected
LinuxLinux6.6.79 <= 6.6.*unaffected
LinuxLinux6.12.16 <= 6.12.*unaffected
LinuxLinux6.13.4 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References