7.8
CVE-2025-21760
- EPSS 9.12%
- Veröffentlicht 27.02.2025 03:15:16
- Zuletzt bearbeitet 12.05.2026 13:16:35
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ndisc: extend RCU protection in ndisc_send_skb()
In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.26 < 5.4.291
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.235
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.179
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.129
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.79
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.16
Linux ≫ Linux Kernel Version >= 6.13 < 6.13.4
Linux ≫ Linux Kernel Version6.14 Updaterc1
Linux ≫ Linux Kernel Version6.14 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.12% | 0.947 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/04e05112f10354ffc3bb6cc796d553bab161594c
https://git.kernel.org/stable/c/789230e5a8c1097301afc802e242c79bc8835c67
https://git.kernel.org/stable/c/a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d
https://git.kernel.org/stable/c/ae38982f521621c216fc2f5182cd091f4734641d
https://git.kernel.org/stable/c/ed6ae1f325d3c43966ec1b62ac1459e2b8e45640
https://git.kernel.org/stable/c/10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1
https://git.kernel.org/stable/c/4d576202b90b1b95a7c428a80b536f91b8201bcc
https://git.kernel.org/stable/c/e24d225e4cb8cf108bde00b76594499b98f0a74d
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html