Potential Use-After-Free Vulnerability in Linux Kernel Network Neighbor Management
CVE-2025-21763

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

The vulnerability in the Linux kernel's neighbor management subsystem relates to the __neigh_notify() function, which lacked proper protection with RCU (Read-Copy-Update) or RTNL (Reverse Tree Node Lock). This oversight could lead to potential use-after-free scenarios, enabling an attacker to exploit memory management errors. The implementation now adopts RCU protection to enhance stability and security, mitigating risks associated with improper memory access and ensuring more robust network operations.

Affected Version(s)

Linux 426b5303eb435d98b9bee37a807be386bc2b3320 < 784eb2376270e086f7db136d154b8404edacf97b

Linux 426b5303eb435d98b9bee37a807be386bc2b3320 < 1cbb2aa90cd3fba15ad7efb5cdda28f3d1082379

Linux 426b5303eb435d98b9bee37a807be386bc2b3320

References

https://git.kernel.org/stable/c/784eb2376270e086f7db136d1...

https://git.kernel.org/stable/c/1cbb2aa90cd3fba15ad7efb5c...

https://git.kernel.org/stable/c/cdd5c2a12ddad8a77ce1838ff...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Dec 29, 2024