CVE-2025-71080

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT<br /> <br /> On PREEMPT_RT kernels, after rt6_get_pcpu_route() returns NULL, the<br /> current task can be preempted. Another task running on the same CPU<br /> may then execute rt6_make_pcpu_route() and successfully install a<br /> pcpu_rt entry. When the first task resumes execution, its cmpxchg()<br /> in rt6_make_pcpu_route() will fail because rt6i_pcpu is no longer<br /> NULL, triggering the BUG_ON(prev). It&amp;#39;s easy to reproduce it by adding<br /> mdelay() after rt6_get_pcpu_route().<br /> <br /> Using preempt_disable/enable is not appropriate here because<br /> ip6_rt_pcpu_alloc() may sleep.<br /> <br /> Fix this by handling the cmpxchg() failure gracefully on PREEMPT_RT:<br /> free our allocation and return the existing pcpu_rt installed by<br /> another task. The BUG_ON is replaced by WARN_ON_ONCE for non-PREEMPT_RT<br /> kernels where such races should not occur.