Locking Dependency Issue in the Linux Kernel for AX.25 Protocol
CVE-2025-21812

Currently unrated

Key Information:

Vendor
Linux
Status
Vendor
CVE Published: 27 February 2025

Summary

A significant locking dependency issue exists in the AX.25 protocol implementation of the Linux kernel. It is associated with potential race conditions and use-after-free scenarios that can arise when manipulating socket options. The root cause is an improper dependency between locks, which creates an unsafe locking situation that may lead to deadlocks. The mitigation is to remove the dependency on RTNL in the ax25_setsockopt function, which addresses multiple potential vulnerabilities related to resource management in network configurations.

Affected Version(s)

Linux c433570458e49bccea5c551df628d058b3526289 < 2802ed4ced27ebd474828fc67ffd7d66f11e3605

Linux c433570458e49bccea5c551df628d058b3526289 < 7705d8a7f2c26c80973c81093db07c6022b2b30e

Linux c433570458e49bccea5c551df628d058b3526289 < 8937f5e38a218531dce2a89fae60e3adcc2311e1

Timeline

  • Vulnerability published

  • Vulnerability Reserved