5.5

CVE-2025-21659

EPSS 0.04%
Published 21.01.2025 13:15:09
Last modified 15.10.2025 13:47:59
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

netdev: prevent accessing NAPI instances from another namespace

The NAPI IDs were not fully exposed to user space prior to the netlink
API, so they were never namespaced. The netlink API must ensure that
at the very least NAPI instance belongs to the same netns as the owner
of the genl sock.

napi_by_id() can become static now, but it needs to move because of
dev_get_by_napi_id().

Affected products Warnungen 0 Metrics 2 CWE 0 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.8 < 6.12.10

Linux ≫ Linux Kernel Version6.13 Updaterc1

Linux ≫ Linux Kernel Version6.13 Updaterc2

Linux ≫ Linux Kernel Version6.13 Updaterc3

Linux ≫ Linux Kernel Version6.13 Updaterc4

Linux ≫ Linux Kernel Version6.13 Updaterc5

Linux ≫ Linux Kernel Version6.13 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.097

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://git.kernel.org/stable/c/b683ba0df11ff563cc237eb1b74d6adfa77226bf

Patch

https://git.kernel.org/stable/c/d1cacd74776895f6435941f86a1130e58f6dd226

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-21659

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-21659

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-21659

EUVD