CVE-2025-21719

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipmr: do not call mr_mfc_uses_dev() for unres entries<br /> <br /> syzbot found that calling mr_mfc_uses_dev() for unres entries<br /> would crash [1], because c-&gt;mfc_un.res.minvif / c-&gt;mfc_un.res.maxvif<br /> alias to "struct sk_buff_head unresolved", which contain two pointers.<br /> <br /> This code never worked, lets remove it.<br /> <br /> [1]<br /> Unable to handle kernel paging request at virtual address ffff5fff2d536613<br /> KASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]<br /> Modules linked in:<br /> CPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024<br /> pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]<br /> pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334<br /> lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]<br /> lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334<br /> Call trace:<br /> mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)<br /> mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)<br /> mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382<br /> ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648<br /> rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327<br /> rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791<br /> netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317<br /> netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973<br /> sock_recvmsg_nosec net/socket.c:1033 [inline]<br /> sock_recvmsg net/socket.c:1055 [inline]<br /> sock_read_iter+0x2d8/0x40c net/socket.c:1125<br /> new_sync_read fs/read_write.c:484 [inline]<br /> vfs_read+0x740/0x970 fs/read_write.c:565<br /> ksys_read+0x15c/0x26c fs/read_write.c:708