Linux Kernel Vulnerability in IPsec Tunnel Mode Affecting Multiple Versions
CVE-2025-21674

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 31 January 2025

Summary

The Linux kernel vulnerability arises from an improper locking mechanism when enabling IPsec packet offload in tunnel mode, potentially triggering a kernel panic. This is caused by a sequence of lock dependencies that could result in a deadlock scenario. Specifically, an issue exists in the SA add section where the appropriate _bh() variant should be employed for marking SA mode, while the flush_workqueue in the SA delete routine is deemed unnecessary. This vulnerability calls for immediate attention to avoid service interruptions and maintain network security.

Affected Version(s)

Linux 4c24272b4e2befca6ad1409c3c9aaa16c24b1099 < 87c4417a902151cfe4363166245a3671a08c256c

Linux 4c24272b4e2befca6ad1409c3c9aaa16c24b1099 < 6d3d69c070d920fbb146d73dd3899a50f25d0901

Linux 4c24272b4e2befca6ad1409c3c9aaa16c24b1099 < 2c3688090f8a1f085230aa839cc63e4a7b977df0

References

https://git.kernel.org/stable/c/87c4417a902151cfe43631662...

https://git.kernel.org/stable/c/6d3d69c070d920fbb146d73dd...

https://git.kernel.org/stable/c/2c3688090f8a1f085230aa839...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Dec 29, 2024