Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

017 - Ir a la línea de ayuda en Ciberseguridad    Ir a Agenda     Ir a Sala de prensa     Ir a suscripción de boletines

Ir al buscador

CVE-2025-39851

Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
19/09/2025
Última modificación:
19/09/2025

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> vxlan: Fix NPD when refreshing an FDB entry with a nexthop object<br /> <br /> VXLAN FDB entries can point to either a remote destination or an FDB<br /> nexthop group. The latter is usually used in EVPN deployments where<br /> learning is disabled.<br /> <br /> However, when learning is enabled, an incoming packet might try to<br /> refresh an FDB entry that points to an FDB nexthop group and therefore<br /> does not have a remote. Such packets should be dropped, but they are<br /> only dropped after dereferencing the non-existent remote, resulting in a<br /> NPD [1] which can be reproduced using [2].<br /> <br /> Fix by dropping such packets earlier. Remove the misleading comment from<br /> first_remote_rcu().<br /> <br /> [1]<br /> BUG: kernel NULL pointer dereference, address: 0000000000000000<br /> [...]<br /> CPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014<br /> RIP: 0010:vxlan_snoop+0x98/0x1e0<br /> [...]<br /> Call Trace:<br /> <br /> vxlan_encap_bypass+0x209/0x240<br /> encap_bypass_if_local+0xb1/0x100<br /> vxlan_xmit_one+0x1375/0x17e0<br /> vxlan_xmit+0x6b4/0x15f0<br /> dev_hard_start_xmit+0x5d/0x1c0<br /> __dev_queue_xmit+0x246/0xfd0<br /> packet_sendmsg+0x113a/0x1850<br /> __sock_sendmsg+0x38/0x70<br /> __sys_sendto+0x126/0x180<br /> __x64_sys_sendto+0x24/0x30<br /> do_syscall_64+0xa4/0x260<br /> entry_SYSCALL_64_after_hwframe+0x4b/0x53<br /> <br /> [2]<br /> #!/bin/bash<br /> <br /> ip address add 192.0.2.1/32 dev lo<br /> ip address add 192.0.2.2/32 dev lo<br /> <br /> ip nexthop add id 1 via 192.0.2.3 fdb<br /> ip nexthop add id 10 group 1 fdb<br /> <br /> ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass<br /> ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning<br /> <br /> bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020<br /> bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10<br /> <br /> mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q

Impacto

Referencias a soluciones, herramientas e información