CVE-2025-21760

In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/04e05112f10354ffc3bb6cc796d553bab161594c	Patch
https://git.kernel.org/stable/c/10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1	Patch
https://git.kernel.org/stable/c/4d576202b90b1b95a7c428a80b536f91b8201bcc	Patch
https://git.kernel.org/stable/c/789230e5a8c1097301afc802e242c79bc8835c67	Patch
https://git.kernel.org/stable/c/a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d	Patch
https://git.kernel.org/stable/c/ae38982f521621c216fc2f5182cd091f4734641d	Patch
https://git.kernel.org/stable/c/e24d225e4cb8cf108bde00b76594499b98f0a74d	Patch
https://git.kernel.org/stable/c/ed6ae1f325d3c43966ec1b62ac1459e2b8e45640	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::

History

24 Mar 2025, 17:38

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/04e05112f10354ffc3bb6cc796d553bab161594c -~~	() https://git.kernel.org/stable/c/04e05112f10354ffc3bb6cc796d553bab161594c - Patch
References	~~() https://git.kernel.org/stable/c/10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1 -~~	() https://git.kernel.org/stable/c/10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1 - Patch
References	~~() https://git.kernel.org/stable/c/4d576202b90b1b95a7c428a80b536f91b8201bcc -~~	() https://git.kernel.org/stable/c/4d576202b90b1b95a7c428a80b536f91b8201bcc - Patch
References	~~() https://git.kernel.org/stable/c/789230e5a8c1097301afc802e242c79bc8835c67 -~~	() https://git.kernel.org/stable/c/789230e5a8c1097301afc802e242c79bc8835c67 - Patch
References	~~() https://git.kernel.org/stable/c/a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d -~~	() https://git.kernel.org/stable/c/a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d - Patch
References	~~() https://git.kernel.org/stable/c/ae38982f521621c216fc2f5182cd091f4734641d -~~	() https://git.kernel.org/stable/c/ae38982f521621c216fc2f5182cd091f4734641d - Patch
References	~~() https://git.kernel.org/stable/c/e24d225e4cb8cf108bde00b76594499b98f0a74d -~~	() https://git.kernel.org/stable/c/e24d225e4cb8cf108bde00b76594499b98f0a74d - Patch
References	~~() https://git.kernel.org/stable/c/ed6ae1f325d3c43966ec1b62ac1459e2b8e45640 -~~	() https://git.kernel.org/stable/c/ed6ae1f325d3c43966ec1b62ac1459e2b8e45640 - Patch

13 Mar 2025, 13:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1 - () https://git.kernel.org/stable/c/4d576202b90b1b95a7c428a80b536f91b8201bcc - () https://git.kernel.org/stable/c/e24d225e4cb8cf108bde00b76594499b98f0a74d -
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ndisc: extender la protección de RCU en ndisc_send_skb() ndisc_send_skb() se puede llamar sin RTNL o RCU retenido. Adquiera rcu_read_lock() antes, para que podamos usar dev_net_rcu() y evitar un posible UAF.

27 Feb 2025, 18:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-416

27 Feb 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-27 03:15

Updated : 2025-03-24 17:38

NVD link : CVE-2025-21760

Mitre link : CVE-2025-21760

CVE.ORG link : CVE-2025-21760

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10