5.5

CVE-2025-21659

EPSS 0.02%
Veröffentlicht 21.01.2025 13:15:09
Zuletzt bearbeitet 15.10.2025 13:47:59
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

netdev: prevent accessing NAPI instances from another namespace

In the Linux kernel, the following vulnerability has been resolved:

netdev: prevent accessing NAPI instances from another namespace

The NAPI IDs were not fully exposed to user space prior to the netlink
API, so they were never namespaced. The netlink API must ensure that
at the very least NAPI instance belongs to the same netns as the owner
of the genl sock.

napi_by_id() can become static now, but it needs to move because of
dev_get_by_napi_id().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

NVD 7 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.8 < 6.12.10

Linux ≫ Linux Kernel Version6.13 Updaterc1

Linux ≫ Linux Kernel Version6.13 Updaterc2

Linux ≫ Linux Kernel Version6.13 Updaterc3

Linux ≫ Linux Kernel Version6.13 Updaterc4

Linux ≫ Linux Kernel Version6.13 Updaterc5

Linux ≫ Linux Kernel Version6.13 Updaterc6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.038

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/b683ba0df11ff563cc237eb1b74d6adfa77226bf

Patch

https://git.kernel.org/stable/c/d1cacd74776895f6435941f86a1130e58f6dd226

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-21659

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-21659

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-21659

EUVD