CVE-2025-21759
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: extend RCU protection in igmp6_send()
igmp6_send() can be called without RTNL or RCU being held.
Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF.
Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.
Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a | affected |
| Linux | Linux | b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 0bf8e2f3768629d437a32cb824149e6e98254381 | affected |
| Linux | Linux | b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 8e92d6a413feaf968a33f0b439ecf27404407458 | affected |
| Linux | Linux | b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 087c1faa594fa07a66933d750c0b2610aa1a2946 | affected |
| Linux | Linux | 2.6.26 | affected |
| Linux | Linux | 0 < 2.6.26 | unaffected |
| Linux | Linux | 6.6.79 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.16 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.4 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://git.kernel.org/stable/c/81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a
- https://git.kernel.org/stable/c/0bf8e2f3768629d437a32cb824149e6e98254381
- https://git.kernel.org/stable/c/8e92d6a413feaf968a33f0b439ecf27404407458
- https://git.kernel.org/stable/c/087c1faa594fa07a66933d750c0b2610aa1a2946
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.