7.8
CVE-2025-21759
- EPSS 7.17%
- Veröffentlicht 27.02.2025 03:15:16
- Zuletzt bearbeitet 24.03.2025 17:33:09
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ipv6: mcast: extend RCU protection in igmp6_send()
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.26 < 6.6.79
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.16
Linux ≫ Linux Kernel Version >= 6.13 < 6.13.4
Linux ≫ Linux Kernel Version6.14 Updaterc1
Linux ≫ Linux Kernel Version6.14 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.17% | 0.935 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/087c1faa594fa07a66933d750c0b2610aa1a2946
https://git.kernel.org/stable/c/0bf8e2f3768629d437a32cb824149e6e98254381
https://git.kernel.org/stable/c/81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a
https://git.kernel.org/stable/c/8e92d6a413feaf968a33f0b439ecf27404407458