CVE-2025-37921

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> vxlan: vnifilter: Fix unlocked deletion of default FDB entry<br /> <br /> When a VNI is deleted from a VXLAN device in &amp;#39;vnifilter&amp;#39; mode, the FDB<br /> entry associated with the default remote (assuming one was configured)<br /> is deleted without holding the hash lock. This is wrong and will result<br /> in a warning [1] being generated by the lockdep annotation that was<br /> added by commit ebe642067455 ("vxlan: Create wrappers for FDB lookup").<br /> <br /> Reproducer:<br /> <br /> # ip link add vx0 up type vxlan dstport 4789 external vnifilter local 192.0.2.1<br /> # bridge vni add vni 10010 remote 198.51.100.1 dev vx0<br /> # bridge vni del vni 10010 dev vx0<br /> <br /> Fix by acquiring the hash lock before the deletion and releasing it<br /> afterwards. Blame the original commit that introduced the issue rather<br /> than the one that exposed it.<br /> <br /> [1]<br /> WARNING: CPU: 3 PID: 392 at drivers/net/vxlan/vxlan_core.c:417 vxlan_find_mac+0x17f/0x1a0<br /> [...]<br /> RIP: 0010:vxlan_find_mac+0x17f/0x1a0<br /> [...]<br /> Call Trace:<br /> <br /> __vxlan_fdb_delete+0xbe/0x560<br /> vxlan_vni_delete_group+0x2ba/0x940<br /> vxlan_vni_del.isra.0+0x15f/0x580<br /> vxlan_process_vni_filter+0x38b/0x7b0<br /> vxlan_vnifilter_process+0x3bb/0x510<br /> rtnetlink_rcv_msg+0x2f7/0xb70<br /> netlink_rcv_skb+0x131/0x360<br /> netlink_unicast+0x426/0x710<br /> netlink_sendmsg+0x75a/0xc20<br /> __sock_sendmsg+0xc1/0x150<br /> ____sys_sendmsg+0x5aa/0x7b0<br /> ___sys_sendmsg+0xfc/0x180<br /> __sys_sendmsg+0x121/0x1b0<br /> do_syscall_64+0xbb/0x1d0<br /> entry_SYSCALL_64_after_hwframe+0x4b/0x53