CVE-2025-21763

Summary

In the Linux kernel, the following vulnerability has been resolved:

neighbour: use RCU protection in __neigh_notify()

__neigh_notify() can be called without RTNL or RCU protection.

Use RCU protection to avoid potential UAF.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux426b5303eb435d98b9bee37a807be386bc2b3320 < e1aed6be381bcd7f46d4ca9d7ef0f5f3d6a1be32affected
LinuxLinux426b5303eb435d98b9bee37a807be386bc2b3320 < 8666e9aab801328c1408a19fbf4070609dc0695aaffected
LinuxLinux426b5303eb435d98b9bee37a807be386bc2b3320 < 40d8f2f2a373b6c294ffac394d2bb814b572ead1affected
LinuxLinux426b5303eb435d98b9bee37a807be386bc2b3320 < 784eb2376270e086f7db136d154b8404edacf97baffected
LinuxLinux426b5303eb435d98b9bee37a807be386bc2b3320 < 1cbb2aa90cd3fba15ad7efb5cdda28f3d1082379affected
LinuxLinux426b5303eb435d98b9bee37a807be386bc2b3320 < cdd5c2a12ddad8a77ce1838ff9f29aa587de82dfaffected
LinuxLinux426b5303eb435d98b9bee37a807be386bc2b3320 < 559307d25235e24b5424778c7332451b6c741159affected
LinuxLinux426b5303eb435d98b9bee37a807be386bc2b3320 < becbd5850c03ed33b232083dd66c6e38c0c0e569affected
LinuxLinux2.6.25affected
LinuxLinux0 < 2.6.25unaffected
LinuxLinux5.4.291 <= 5.4.*unaffected
LinuxLinux5.10.235 <= 5.10.*unaffected
LinuxLinux5.15.179 <= 5.15.*unaffected
LinuxLinux6.1.129 <= 6.1.*unaffected
LinuxLinux6.6.79 <= 6.6.*unaffected
LinuxLinux6.12.16 <= 6.12.*unaffected
LinuxLinux6.13.4 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

Additional References

References