5.5

CVE-2025-21637

sctp: sysctl: udp_port: avoid using current->nsproxy

In the Linux kernel, the following vulnerability has been resolved:

sctp: sysctl: udp_port: avoid using current->nsproxy

As mentioned in a previous commit of this series, using the 'net'
structure via 'current' is not recommended for different reasons:

- Inconsistency: getting info from the reader's/writer's netns vs only
  from the opener's netns.

- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
  (null-ptr-deref), e.g. when the current task is exiting, as spotted by
  syzbot [1] using acct(2).

The 'net' structure can be obtained from the table->data using
container_of().

Note that table->data could also be used directly, but that would
increase the size of this fix, while 'sctp.ctl_sock' still needs to be
retrieved from 'net' structure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.11 < 5.15.177
LinuxLinux Kernel Version >= 5.16 < 6.1.125
LinuxLinux Kernel Version >= 6.2 < 6.6.72
LinuxLinux Kernel Version >= 6.7 < 6.12.10
LinuxLinux Kernel Version6.13 Updaterc1
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
LinuxLinux Kernel Version6.13 Updaterc4
LinuxLinux Kernel Version6.13 Updaterc5
LinuxLinux Kernel Version6.13 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.107
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/0a0966312ac3eedd7f5f2a766ed4702df39a9a65
Patch
https://git.kernel.org/stable/c/55627918febdf9d71107a1e68d1528dc591c9a15
Patch
https://git.kernel.org/stable/c/5b77d73f3be5102720fb685b9e6900e3500e1096
Patch
https://git.kernel.org/stable/c/c10377bbc1972d858eaf0ab366a311b39f8ef1b6
Patch
https://git.kernel.org/stable/c/e919197fb8616331f5dc81e4c3cc3d12769cb725
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html