CVE-2025-21760
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
ndisc: extend RCU protection in ndisc_send_skb()
ndisc_send_skb() can be called without RTNL or RCU held.
Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1762f7e88eb34f653b4a915be99a102e347dd45e < 10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1 | affected |
| Linux | Linux | 1762f7e88eb34f653b4a915be99a102e347dd45e < 4d576202b90b1b95a7c428a80b536f91b8201bcc | affected |
| Linux | Linux | 1762f7e88eb34f653b4a915be99a102e347dd45e < e24d225e4cb8cf108bde00b76594499b98f0a74d | affected |
| Linux | Linux | 1762f7e88eb34f653b4a915be99a102e347dd45e < a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d | affected |
| Linux | Linux | 1762f7e88eb34f653b4a915be99a102e347dd45e < ae38982f521621c216fc2f5182cd091f4734641d | affected |
| Linux | Linux | 1762f7e88eb34f653b4a915be99a102e347dd45e < 789230e5a8c1097301afc802e242c79bc8835c67 | affected |
| Linux | Linux | 1762f7e88eb34f653b4a915be99a102e347dd45e < 04e05112f10354ffc3bb6cc796d553bab161594c | affected |
| Linux | Linux | 1762f7e88eb34f653b4a915be99a102e347dd45e < ed6ae1f325d3c43966ec1b62ac1459e2b8e45640 | affected |
| Linux | Linux | 2.6.26 | affected |
| Linux | Linux | 0 < 2.6.26 | unaffected |
| Linux | Linux | 5.4.291 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.235 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.179 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.129 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.79 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.16 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.4 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Additional References
References
- https://git.kernel.org/stable/c/10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1
- https://git.kernel.org/stable/c/4d576202b90b1b95a7c428a80b536f91b8201bcc
- https://git.kernel.org/stable/c/e24d225e4cb8cf108bde00b76594499b98f0a74d
- https://git.kernel.org/stable/c/a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d
- https://git.kernel.org/stable/c/ae38982f521621c216fc2f5182cd091f4734641d
- https://git.kernel.org/stable/c/789230e5a8c1097301afc802e242c79bc8835c67
- https://git.kernel.org/stable/c/04e05112f10354ffc3bb6cc796d553bab161594c
- https://git.kernel.org/stable/c/ed6ae1f325d3c43966ec1b62ac1459e2b8e45640
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.