Linux Kernel Vulnerability in IGMP Protocol Operations
CVE-2025-21759

7.8HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
27 February 2025

What is CVE-2025-21759?

A vulnerability in the Linux kernel related to the IGMP (Internet Group Management Protocol) operations can lead to potential use-after-free issues. The flaw occurs when the function igmp6_send() is called without the appropriate RCU (Read-Copy-Update) or RTNL (Routing Netlink) protections being held, which may compromise network functionality and stability. To mitigate this issue, RCU protection has been extended to safely retrieve the net pointer, thus avoiding the potential for exploitation. The method has also been adjusted to utilize alloc_skb() instead of sock_alloc_send_skb() to prevent the use of GFP_KERNEL allocations that may lead to sleeping under RCU conditions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a

Linux b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 0bf8e2f3768629d437a32cb824149e6e98254381

Linux b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 8e92d6a413feaf968a33f0b439ecf27404407458

References

https://git.kernel.org/stable/c/81b25a07ebf53f9ef4ca8f3d9...
https://git.kernel.org/stable/c/0bf8e2f3768629d437a32cb82...
https://git.kernel.org/stable/c/8e92d6a413feaf968a33f0b43...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.