CVE-2025-21763
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
neighbour: use RCU protection in __neigh_notify()
__neigh_notify() can be called without RTNL or RCU protection.
Use RCU protection to avoid potential UAF.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 426b5303eb435d98b9bee37a807be386bc2b3320 < e1aed6be381bcd7f46d4ca9d7ef0f5f3d6a1be32 | affected |
| Linux | Linux | 426b5303eb435d98b9bee37a807be386bc2b3320 < 8666e9aab801328c1408a19fbf4070609dc0695a | affected |
| Linux | Linux | 426b5303eb435d98b9bee37a807be386bc2b3320 < 40d8f2f2a373b6c294ffac394d2bb814b572ead1 | affected |
| Linux | Linux | 426b5303eb435d98b9bee37a807be386bc2b3320 < 784eb2376270e086f7db136d154b8404edacf97b | affected |
| Linux | Linux | 426b5303eb435d98b9bee37a807be386bc2b3320 < 1cbb2aa90cd3fba15ad7efb5cdda28f3d1082379 | affected |
| Linux | Linux | 426b5303eb435d98b9bee37a807be386bc2b3320 < cdd5c2a12ddad8a77ce1838ff9f29aa587de82df | affected |
| Linux | Linux | 426b5303eb435d98b9bee37a807be386bc2b3320 < 559307d25235e24b5424778c7332451b6c741159 | affected |
| Linux | Linux | 426b5303eb435d98b9bee37a807be386bc2b3320 < becbd5850c03ed33b232083dd66c6e38c0c0e569 | affected |
| Linux | Linux | 2.6.25 | affected |
| Linux | Linux | 0 < 2.6.25 | unaffected |
| Linux | Linux | 5.4.291 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.235 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.179 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.129 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.79 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.16 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.4 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Additional References
References
- https://git.kernel.org/stable/c/e1aed6be381bcd7f46d4ca9d7ef0f5f3d6a1be32
- https://git.kernel.org/stable/c/8666e9aab801328c1408a19fbf4070609dc0695a
- https://git.kernel.org/stable/c/40d8f2f2a373b6c294ffac394d2bb814b572ead1
- https://git.kernel.org/stable/c/784eb2376270e086f7db136d154b8404edacf97b
- https://git.kernel.org/stable/c/1cbb2aa90cd3fba15ad7efb5cdda28f3d1082379
- https://git.kernel.org/stable/c/cdd5c2a12ddad8a77ce1838ff9f29aa587de82df
- https://git.kernel.org/stable/c/559307d25235e24b5424778c7332451b6c741159
- https://git.kernel.org/stable/c/becbd5850c03ed33b232083dd66c6e38c0c0e569
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.