Linux Kernel Vulnerability in NDIS: Potential Unintentional Access Issues
CVE-2025-21760

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

What is CVE-2025-21760?

A vulnerability has been identified in the Linux kernel's NDIS subsystem where the ndisc_send_skb() function can be invoked without proper Real-Time Networking Layer (RTNL) or Read-Copy-Update (RCU) protections. This oversight may lead to unintended memory access, specifically a potential Use After Free (UAF) condition. The issue has been mitigated by adjusting the placement of the rcu_read_lock() to ensure it is acquired earlier, thereby enabling safer usage of the dev_net_rcu() function and reducing the risk of memory corruption or unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1762f7e88eb34f653b4a915be99a102e347dd45e < 10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1

Linux 1762f7e88eb34f653b4a915be99a102e347dd45e < 4d576202b90b1b95a7c428a80b536f91b8201bcc

Linux 1762f7e88eb34f653b4a915be99a102e347dd45e

References

https://git.kernel.org/stable/c/10a1f3fece2f0d23a3a618b72...

https://git.kernel.org/stable/c/4d576202b90b1b95a7c428a80...

https://git.kernel.org/stable/c/e24d225e4cb8cf108bde00b76...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Dec 29, 2024

JSON

Linux

What is CVE-2025-21760?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.