Device Management Flaw in Linux Kernel's GTP Implementation by The Linux Foundation
CVE-2025-21678

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 31 January 2025

Summary

A vulnerability exists in the GTP implementation of the Linux Kernel that affects the device management process related to UDP sockets within network namespaces. Specifically, the GTP interface does not properly associate the device with the correct network namespace after the UDP socket is created. This flaw leads to potential resource management instability when the source network namespace is removed, causing system instability and potential crashes. It is crucial that the Linux kernel's handling of GTP devices and sockets is reviewed and updated to ensure proper linkage and cleanup to prevent such issues.

Affected Version(s)

Linux 459aa660eb1d8ce67080da1983bb81d716aa5a69

Linux 459aa660eb1d8ce67080da1983bb81d716aa5a69 < 5f1678346109ff3a6d229d33437fcba3cce9209d

Linux 459aa660eb1d8ce67080da1983bb81d716aa5a69 < 036f8d814a2cd11ee8ef62b8f3e7ce5dec0ee4f3

References

https://git.kernel.org/stable/c/c986380c1d5274c4d5e935add...

https://git.kernel.org/stable/c/5f1678346109ff3a6d229d334...

https://git.kernel.org/stable/c/036f8d814a2cd11ee8ef62b8f...

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Dec 29, 2024