CVE-2025-21637

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> sctp: sysctl: udp_port: avoid using current-&gt;nsproxy<br /> <br /> As mentioned in a previous commit of this series, using the &amp;#39;net&amp;#39;<br /> structure via &amp;#39;current&amp;#39; is not recommended for different reasons:<br /> <br /> - Inconsistency: getting info from the reader&amp;#39;s/writer&amp;#39;s netns vs only<br /> from the opener&amp;#39;s netns.<br /> <br /> - current-&gt;nsproxy can be NULL in some cases, resulting in an &amp;#39;Oops&amp;#39;<br /> (null-ptr-deref), e.g. when the current task is exiting, as spotted by<br /> syzbot [1] using acct(2).<br /> <br /> The &amp;#39;net&amp;#39; structure can be obtained from the table-&gt;data using<br /> container_of().<br /> <br /> Note that table-&gt;data could also be used directly, but that would<br /> increase the size of this fix, while &amp;#39;sctp.ctl_sock&amp;#39; still needs to be<br /> retrieved from &amp;#39;net&amp;#39; structure.