7.8

CVE-2025-21764

ndisc: use RCU protection in ndisc_alloc_skb()

In the Linux kernel, the following vulnerability has been resolved:

ndisc: use RCU protection in ndisc_alloc_skb()

ndisc_alloc_skb() can be called without RTNL or RCU being held.

Add RCU protection to avoid possible UAF.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.9 < 5.4.291
LinuxLinux Kernel Version >= 5.5 < 5.10.235
LinuxLinux Kernel Version >= 5.11 < 5.15.179
LinuxLinux Kernel Version >= 5.16 < 6.1.129
LinuxLinux Kernel Version >= 6.2 < 6.6.79
LinuxLinux Kernel Version >= 6.7 < 6.12.16
LinuxLinux Kernel Version >= 6.13 < 6.13.4
LinuxLinux Kernel Version6.14 Updaterc1
LinuxLinux Kernel Version6.14 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.142
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d
Patch
https://git.kernel.org/stable/c/628e6d18930bbd21f2d4562228afe27694f66da9
Patch
https://git.kernel.org/stable/c/9e0ec817eb41a55327a46cd3ce331a9868d60304
Patch
https://git.kernel.org/stable/c/bbec88e4108e8d6fb468d3817fa652140a44ff28
Patch
https://git.kernel.org/stable/c/cd1065f92eb7ff21b9ba5308a86f33d1670bf926
Patch
https://git.kernel.org/stable/c/96fc896d0e5b37c12808df797397fb16f3080879
Patch
https://git.kernel.org/stable/c/b870256dd2a5648d5ed2f22316b3ac29a7e5ed63
Patch
https://git.kernel.org/stable/c/c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html