Linux Kernel Vulnerability in IGMP Protocol Operations
CVE-2025-21759

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A vulnerability in the Linux kernel related to the IGMP (Internet Group Management Protocol) operations can lead to potential use-after-free issues. The flaw occurs when the function igmp6_send() is called without the appropriate RCU (Read-Copy-Update) or RTNL (Routing Netlink) protections being held, which may compromise network functionality and stability. To mitigate this issue, RCU protection has been extended to safely retrieve the net pointer, thus avoiding the potential for exploitation. The method has also been adjusted to utilize alloc_skb() instead of sock_alloc_send_skb() to prevent the use of GFP_KERNEL allocations that may lead to sleeping under RCU conditions.

Affected Version(s)

Linux b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a

Linux b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 0bf8e2f3768629d437a32cb824149e6e98254381

Linux b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 8e92d6a413feaf968a33f0b439ecf27404407458

References

https://git.kernel.org/stable/c/81b25a07ebf53f9ef4ca8f3d9...

https://git.kernel.org/stable/c/0bf8e2f3768629d437a32cb82...

https://git.kernel.org/stable/c/8e92d6a413feaf968a33f0b43...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Dec 29, 2024