CVE-2025-21761
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
ovs_vport_cmd_fill_info() can be called without RTNL or RCU.
Use RCU protection and dev_net_rcu() to avoid potential UAF.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 9354d452034273a50a4fd703bea31e5d6b1fc20b < e85a25d1a9985645e796039e843d1de581d2de1e | affected |
| Linux | Linux | 9354d452034273a50a4fd703bea31e5d6b1fc20b < a8816b3f1f151373fd30f1996f00480126c8bb11 | affected |
| Linux | Linux | 9354d452034273a50a4fd703bea31e5d6b1fc20b < a884f57600e463f69d7b279c4598b865260b62a1 | affected |
| Linux | Linux | 9354d452034273a50a4fd703bea31e5d6b1fc20b < 7e01abc34e87abd091e619161a20f54ed4e3e2da | affected |
| Linux | Linux | 9354d452034273a50a4fd703bea31e5d6b1fc20b < 8ec57509c36c8b9a23e50b7858dda0c520a2d074 | affected |
| Linux | Linux | 9354d452034273a50a4fd703bea31e5d6b1fc20b < a849a10de5e04d798f7f286a2f1ca174719a617a | affected |
| Linux | Linux | 9354d452034273a50a4fd703bea31e5d6b1fc20b < 5828937742af74666192835d657095d95c53dbd0 | affected |
| Linux | Linux | 9354d452034273a50a4fd703bea31e5d6b1fc20b < 90b2f49a502fa71090d9f4fe29a2f51fe5dff76d | affected |
| Linux | Linux | 4.15 | affected |
| Linux | Linux | 0 < 4.15 | unaffected |
| Linux | Linux | 5.4.291 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.235 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.179 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.129 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.79 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.16 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.4 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Additional References
References
- https://git.kernel.org/stable/c/e85a25d1a9985645e796039e843d1de581d2de1e
- https://git.kernel.org/stable/c/a8816b3f1f151373fd30f1996f00480126c8bb11
- https://git.kernel.org/stable/c/a884f57600e463f69d7b279c4598b865260b62a1
- https://git.kernel.org/stable/c/7e01abc34e87abd091e619161a20f54ed4e3e2da
- https://git.kernel.org/stable/c/8ec57509c36c8b9a23e50b7858dda0c520a2d074
- https://git.kernel.org/stable/c/a849a10de5e04d798f7f286a2f1ca174719a617a
- https://git.kernel.org/stable/c/5828937742af74666192835d657095d95c53dbd0
- https://git.kernel.org/stable/c/90b2f49a502fa71090d9f4fe29a2f51fe5dff76d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.