CVE-2025-21764
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
ndisc: use RCU protection in ndisc_alloc_skb()
ndisc_alloc_skb() can be called without RTNL or RCU being held.
Add RCU protection to avoid possible UAF.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | de09334b9326632bbf1a74bfd8b01866cbbf2f61 < 96fc896d0e5b37c12808df797397fb16f3080879 | affected |
| Linux | Linux | de09334b9326632bbf1a74bfd8b01866cbbf2f61 < c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1 | affected |
| Linux | Linux | de09334b9326632bbf1a74bfd8b01866cbbf2f61 < b870256dd2a5648d5ed2f22316b3ac29a7e5ed63 | affected |
| Linux | Linux | de09334b9326632bbf1a74bfd8b01866cbbf2f61 < 3c2d705f5adf5d860aaef90cb4211c0fde2ba66d | affected |
| Linux | Linux | de09334b9326632bbf1a74bfd8b01866cbbf2f61 < 9e0ec817eb41a55327a46cd3ce331a9868d60304 | affected |
| Linux | Linux | de09334b9326632bbf1a74bfd8b01866cbbf2f61 < bbec88e4108e8d6fb468d3817fa652140a44ff28 | affected |
| Linux | Linux | de09334b9326632bbf1a74bfd8b01866cbbf2f61 < cd1065f92eb7ff21b9ba5308a86f33d1670bf926 | affected |
| Linux | Linux | de09334b9326632bbf1a74bfd8b01866cbbf2f61 < 628e6d18930bbd21f2d4562228afe27694f66da9 | affected |
| Linux | Linux | 3.9 | affected |
| Linux | Linux | 0 < 3.9 | unaffected |
| Linux | Linux | 5.4.291 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.235 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.179 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.129 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.79 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.16 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.4 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Additional References
References
- https://git.kernel.org/stable/c/96fc896d0e5b37c12808df797397fb16f3080879
- https://git.kernel.org/stable/c/c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1
- https://git.kernel.org/stable/c/b870256dd2a5648d5ed2f22316b3ac29a7e5ed63
- https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d
- https://git.kernel.org/stable/c/9e0ec817eb41a55327a46cd3ce331a9868d60304
- https://git.kernel.org/stable/c/bbec88e4108e8d6fb468d3817fa652140a44ff28
- https://git.kernel.org/stable/c/cd1065f92eb7ff21b9ba5308a86f33d1670bf926
- https://git.kernel.org/stable/c/628e6d18930bbd21f2d4562228afe27694f66da9
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.