CVE-2025-22057

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: decrease cached dst counters in dst_release<br /> <br /> Upstream fix ac888d58869b ("net: do not delay dst_entries_add() in<br /> dst_release()") moved decrementing the dst count from dst_destroy to<br /> dst_release to avoid accessing already freed data in case of netns<br /> dismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels<br /> are used, this fix is incomplete as the same issue will be seen for<br /> cached dsts:<br /> <br /> Unable to handle kernel paging request at virtual address ffff5aabf6b5c000<br /> Call trace:<br /> percpu_counter_add_batch+0x3c/0x160 (P)<br /> dst_release+0xec/0x108<br /> dst_cache_destroy+0x68/0xd8<br /> dst_destroy+0x13c/0x168<br /> dst_destroy_rcu+0x1c/0xb0<br /> rcu_do_batch+0x18c/0x7d0<br /> rcu_core+0x174/0x378<br /> rcu_core_si+0x18/0x30<br /> <br /> Fix this by invalidating the cache, and thus decrementing cached dst<br /> counters, in dst_release too.