Use-After-Free Vulnerability in Linux Kernel Networking
CVE-2025-21764

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 27 February 2025

Summary

A vulnerability exists in the Linux kernel's networking component, in the ndisc_alloc_skb() function. The function can be called without holding either RTNL (the rtnetlink mutex) or Read-Copy Update (RCU) protection, which can lead to a use-after-free condition. The fix adds RCU protection to avoid the possible use-after-free.

Affected Version(s)

Linux de09334b9326632bbf1a74bfd8b01866cbbf2f61 < 3c2d705f5adf5d860aaef90cb4211c0fde2ba66d

Linux de09334b9326632bbf1a74bfd8b01866cbbf2f61 < 9e0ec817eb41a55327a46cd3ce331a9868d60304

Linux de09334b9326632bbf1a74bfd8b01866cbbf2f61

Timeline

  • Vulnerability published

  • Vulnerability reserved