CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21768 – net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
https://notcve.org/view.php?id=CVE-2025-21768
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwtunnel in its own cache, and the lwtunnel state will never be freed. Discovered by the ioam6.sh test, kmemleak was recently fixed to catch per-cpu memory leaks. I'm not sure if rpl and seg6 can actually hit this, but in principle I don... • https://git.kernel.org/stable/c/6c8702c60b88651072460f3f4026c7dfe2521d12 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21767 – clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context
https://notcve.org/view.php?id=CVE-2025-21767
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a PREEMPT_RT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 get_random_u32+0x4f/0x110 clocksource_verify_choose_cpus+0xab/0x1a0 clock... • https://git.kernel.org/stable/c/7560c02bdffb7c52d1457fa551b9e745d4b9e754 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21766 – ipv4: use RCU protection in __ip_rt_update_pmtu()
https://notcve.org/view.php?id=CVE-2025-21766
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: use RCU protection in __ip_rt_update_pmtu() __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it reads does not disappear. • https://git.kernel.org/stable/c/2fbc6e89b2f1403189e624cabaf73e189c5e50c6 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21765 – ipv6: use RCU protection in ip6_default_advmss()
https://notcve.org/view.php?id=CVE-2025-21765
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads does not disappear. • https://git.kernel.org/stable/c/5578689a4e3c04f2d43ea39736fd3fa396d80c6e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21764 – ndisc: use RCU protection in ndisc_alloc_skb()
https://notcve.org/view.php?id=CVE-2025-21764
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection to avoid possible UAF. • https://git.kernel.org/stable/c/de09334b9326632bbf1a74bfd8b01866cbbf2f61 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21763 – neighbour: use RCU protection in __neigh_notify()
https://notcve.org/view.php?id=CVE-2025-21763
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify() __neigh_notify() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF. • https://git.kernel.org/stable/c/426b5303eb435d98b9bee37a807be386bc2b3320 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21762 – arp: use RCU protection in arp_xmit()
https://notcve.org/view.php?id=CVE-2025-21762
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit() arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF. • https://git.kernel.org/stable/c/29a26a56803855a79dbd028cd61abee56237d6e5 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21761 – openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
https://notcve.org/view.php?id=CVE-2025-21761
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ovs_vport_cmd_fill_info() can be called without RTNL or RCU. Use RCU protection and dev_net_rcu() to avoid potential UAF. • https://git.kernel.org/stable/c/9354d452034273a50a4fd703bea31e5d6b1fc20b •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21760 – ndisc: extend RCU protection in ndisc_send_skb()
https://notcve.org/view.php?id=CVE-2025-21760
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF. • https://git.kernel.org/stable/c/1762f7e88eb34f653b4a915be99a102e347dd45e •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21759 – ipv6: mcast: extend RCU protection in igmp6_send()
https://notcve.org/view.php?id=CVE-2025-21759
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection. • https://git.kernel.org/stable/c/b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 •