CVE-2025-68341

EPSS 0.02%
Veröffentlicht 23.12.2025 13:58:26
Zuletzt bearbeitet 23.12.2025 14:51:52
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

veth: reduce XDP no_direct return section to fix race

As explain in commit fa349e396e48 ("veth: Fix race with AF_XDP exposing
old or uninitialized descriptors") for veth there is a chance after
napi_complete_done() that another CPU can manage start another NAPI
instance running veth_pool(). For NAPI this is correctly handled as the
napi_schedule_prep() check will prevent multiple instances from getting
scheduled, but for the remaining code in veth_pool() this can run
concurrent with the newly started NAPI instance.

The problem/race is that xdp_clear_return_frame_no_direct() isn't
designed to be nested.

Prior to commit 401cb7dae813 ("net: Reference bpf_redirect_info via
task_struct on PREEMPT_RT.") the temporary BPF net context
bpf_redirect_info was stored per CPU, where this wasn't an issue. Since
this commit the BPF context is stored in 'current' task_struct. When
running veth in threaded-NAPI mode, then the kthread becomes the storage
area. Now a race exists between two concurrent veth_pool() function calls
one exiting NAPI and one running new NAPI, both using the same BPF net
context.

Race is when another CPU gets within the xdp_set_return_frame_no_direct()
section before exiting veth_pool() calls the clear-function
xdp_clear_return_frame_no_direct().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < c1ceabcb347d1b0f7e70a7384ec7eff3847b7628

Version 401cb7dae8130fd34eb84648e02ab4c506df7d5e

Status affected

Version < d0bd018ad72a8a598ae709588934135017f8af52

Version 401cb7dae8130fd34eb84648e02ab4c506df7d5e

Status affected

Version < a14602fcae17a3f1cb8a8521bedf31728f9e7e39

Version 401cb7dae8130fd34eb84648e02ab4c506df7d5e

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.11

Status affected

Version < 6.11

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.61

Status unaffected

Version <= 6.17.*

Version 6.17.11

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/c1ceabcb347d1b0f7e70a7384ec7eff3847b7628

https://git.kernel.org/stable/c/d0bd018ad72a8a598ae709588934135017f8af52

https://git.kernel.org/stable/c/a14602fcae17a3f1cb8a8521bedf31728f9e7e39

https://nvd.nist.gov/vuln/detail/CVE-2025-68341

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68341

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68341

EUVD