CVE-2025-21759

27.02.2025, 03:15

In the Linux kernel, the following vulnerability has been resolved:

ipv6: mcast: extend RCU protection in igmp6_send()

igmp6_send() can be called without RTNL or RCU being held.

Extend RCU protection so that we can safely fetch the net pointer
and avoid a potential UAF.

Note that we no longer can use sock_alloc_send_skb() because
ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.

Instead use alloc_skb() and charge the net->ipv6.igmp_sk
socket under RCU protection.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Linux	CNA	---				---
CISA-ADP	ADP	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Vendor	Product	Version
linux	linux_kernel	2.6.26 ≤ 𝑥 < 6.6.79
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.16
linux	linux_kernel	6.13 ≤ 𝑥 < 6.13.4
linux	linux_kernel	6.14:rc1
linux	linux_kernel	6.14:rc2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	vulnerable
bookworm (security)	vulnerable
trixie	6.12.20-1 fixed
sid	6.12.21-1 fixed

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein entfernter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Published: 2025-02-26T23:00:00+00:00

References

https://git.kernel.org/stable/c/087c1faa594fa07a66933d750c0b2610aa1a2946

https://git.kernel.org/stable/c/0bf8e2f3768629d437a32cb824149e6e98254381

https://git.kernel.org/stable/c/81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a

https://git.kernel.org/stable/c/8e92d6a413feaf968a33f0b439ecf27404407458