Linux Kernel Vulnerability in Rose Timers Affecting Google Compute Engine
CVE-2025-21718

7 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 27 February 2025

What is CVE-2025-21718?

A vulnerability in the Linux kernel's rose timer functionality allows the timers to race against user threads, which may lead to a use-after-free. The rose timers acquire only the socket spinlock and do not check whether the socket is owned by a user thread. Under concurrent access this oversight can be exploited, leading to unexpected behavior and possible instability in applications relying on rose timers.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 52f5aff33ca73b2c2fa93f40a3de308012e63cf4

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0d5bca3be27bfcf8f980f2fed49b6cbb7dafe4a1

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1409b45d4690308c502c6caf22f01c3c205b4717

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
