CVE-2025-21764
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
27/02/2025
Last modified:
21/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ndisc: use RCU protection in ndisc_alloc_skb()<br />
<br />
ndisc_alloc_skb() can be called without RTNL or RCU being held.<br />
<br />
Add RCU protection to avoid possible UAF.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.9 (including) | 5.4.291 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.235 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.179 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.129 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.79 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.16 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d
- https://git.kernel.org/stable/c/628e6d18930bbd21f2d4562228afe27694f66da9
- https://git.kernel.org/stable/c/96fc896d0e5b37c12808df797397fb16f3080879
- https://git.kernel.org/stable/c/9e0ec817eb41a55327a46cd3ce331a9868d60304
- https://git.kernel.org/stable/c/b870256dd2a5648d5ed2f22316b3ac29a7e5ed63
- https://git.kernel.org/stable/c/bbec88e4108e8d6fb468d3817fa652140a44ff28
- https://git.kernel.org/stable/c/c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1
- https://git.kernel.org/stable/c/cd1065f92eb7ff21b9ba5308a86f33d1670bf926