Linux Kernel Vulnerability in l3mdev Functionality by The Linux Foundation

CVE-2025-21791

Summary

A security flaw was identified within the Linux kernel related to the l3mdev function that could be exploited if RCU protection is not properly implemented. The vulnerability arises when the l3mdev_l3_out() function is executed without the required RCU lock, leading to a potential Use After Free (UAF) scenario. This issue necessitates the implementation of rcu_read_lock() and rcu_read_unlock() calls in the code to safeguard against unauthorized memory access and ensure robust data integrity in networking operations.

References