CVE-2025-21764

Summary

In the Linux kernel, the following vulnerability has been resolved:

ndisc: use RCU protection in ndisc_alloc_skb()

ndisc_alloc_skb() can be called without RTNL or RCU being held.

Add RCU protection to avoid possible UAF.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxde09334b9326632bbf1a74bfd8b01866cbbf2f61 < 96fc896d0e5b37c12808df797397fb16f3080879affected
LinuxLinuxde09334b9326632bbf1a74bfd8b01866cbbf2f61 < c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1affected
LinuxLinuxde09334b9326632bbf1a74bfd8b01866cbbf2f61 < b870256dd2a5648d5ed2f22316b3ac29a7e5ed63affected
LinuxLinuxde09334b9326632bbf1a74bfd8b01866cbbf2f61 < 3c2d705f5adf5d860aaef90cb4211c0fde2ba66daffected
LinuxLinuxde09334b9326632bbf1a74bfd8b01866cbbf2f61 < 9e0ec817eb41a55327a46cd3ce331a9868d60304affected
LinuxLinuxde09334b9326632bbf1a74bfd8b01866cbbf2f61 < bbec88e4108e8d6fb468d3817fa652140a44ff28affected
LinuxLinuxde09334b9326632bbf1a74bfd8b01866cbbf2f61 < cd1065f92eb7ff21b9ba5308a86f33d1670bf926affected
LinuxLinuxde09334b9326632bbf1a74bfd8b01866cbbf2f61 < 628e6d18930bbd21f2d4562228afe27694f66da9affected
LinuxLinux3.9affected
LinuxLinux0 < 3.9unaffected
LinuxLinux5.4.291 <= 5.4.*unaffected
LinuxLinux5.10.235 <= 5.10.*unaffected
LinuxLinux5.15.179 <= 5.15.*unaffected
LinuxLinux6.1.129 <= 6.1.*unaffected
LinuxLinux6.6.79 <= 6.6.*unaffected
LinuxLinux6.12.16 <= 6.12.*unaffected
LinuxLinux6.13.4 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

Additional References

References