Locking Dependency Issue in the Linux Kernel for AX.25 Protocol
CVE-2025-21812

7.8HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
27 February 2025

What is CVE-2025-21812?

A significant locking dependency issue in the Linux kernel exists within the AX.25 protocol implementation. This vulnerability is associated with potential race conditions and use-after-free scenarios that can arise when manipulating socket options. The root cause stems from improper dependencies between locks, creating an unsafe locking situation that may lead to deadlocks. Proper mitigation involves removing the dependency on RTNL in the ax25_setsockopt function, effectively addressing multiple potential vulnerabilities related to resource management in network configurations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux c433570458e49bccea5c551df628d058b3526289 < 2802ed4ced27ebd474828fc67ffd7d66f11e3605

Linux c433570458e49bccea5c551df628d058b3526289 < 7705d8a7f2c26c80973c81093db07c6022b2b30e

Linux c433570458e49bccea5c551df628d058b3526289 < 8937f5e38a218531dce2a89fae60e3adcc2311e1

References

https://git.kernel.org/stable/c/2802ed4ced27ebd474828fc67...
https://git.kernel.org/stable/c/7705d8a7f2c26c80973c81093...
https://git.kernel.org/stable/c/8937f5e38a218531dce2a89fa...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.