Linux Kernel Vulnerability in batman-adv Metric Worker Implementation
CVE-2025-21823

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A vulnerability in the Linux kernel's batman-adv module has been identified, affecting the calculation of ELP metrics for network interfaces. This issue arises due to an improper handling of neighbor metrics that may lead to invalid memory access if not managed correctly. When attempting to cancel a metric worker, potential deadlocks can occur during the interface removal process, as certain locks held by the worker conflict with the deactivation procedure. The resolution involves redesigning the handling of metric updates to better align with RCU protected contexts, ensuring stability and reliability within the network management protocol.

Affected Version(s)

Linux c833484e5f3872a38fe232c663586069d5ad9645 < 781a06fd265a8151f7601122d9c2e985663828ff

Linux c833484e5f3872a38fe232c663586069d5ad9645

Linux c833484e5f3872a38fe232c663586069d5ad9645 < 0fdc3c166ac17b26014313fa2b93696354511b24

References

https://git.kernel.org/stable/c/781a06fd265a8151f7601122d...

https://git.kernel.org/stable/c/a7aa2317285806640c844acd4...

https://git.kernel.org/stable/c/0fdc3c166ac17b26014313fa2...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Dec 29, 2024