Linux Kernel Vulnerability in Networking Component Affecting Kernel Functionality
CVE-2025-21857
Summary
A vulnerability has been identified in the Linux kernel networking stack, particularly within the classful queuing framework. Faulty error handling in an allocation path can lead to a NULL pointer dereference. The function tcf_exts_miss_cookie_base_alloc() erroneously treats a successful allocation that returns 1 as a failure, and this misleading return value can propagate through several function calls. Ultimately, the kernel attempts to dereference a NULL pointer, leading to potential crashes or instability. Return values should be validated properly to prevent such erroneous behavior.
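The return-value mismatch described in the summary, shown as an added user-space model in C (not kernel code and not taken from the advisory). The allocator's negative/0/1 result convention and the caller's "negative means error" check are assumptions of the model, and every `model_*` name is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space model; all names are hypothetical, not kernel code. */
struct exts { int *actions; };

/* Models an ID allocator with a tri-state result (assumed convention):
 * <0 = failure, 0 = success, 1 = success after the ID space wrapped. */
static int model_alloc_id(int wrapped) { return wrapped ? 1 : 0; }

/* strict=0: buggy check, any non-zero result is treated as failure.
 * strict=1: hardened check, only negative results are failures. */
static int model_exts_init(struct exts *e, int wrapped, int strict)
{
    static int storage[4];
    int err = model_alloc_id(wrapped);

    e->actions = storage;
    if (strict ? (err < 0) : (err != 0)) {
        e->actions = NULL;   /* error path tears down the state ... */
        return err;          /* ... but hands back a positive 1 */
    }
    return 0;
}

/* The caller follows the "negative means error" convention, so a returned 1
 * looks like success. Returns 1 if it would go on to use a NULL actions
 * pointer (the crash condition), 0 if the state is consistent, and -1 if it
 * bailed out on a real error. */
static int model_caller(int wrapped, int strict)
{
    struct exts e;
    int err = model_exts_init(&e, wrapped, strict);

    if (err < 0)
        return -1;
    return e.actions == NULL;  /* checked here instead of dereferenced */
}

int main(void)
{
    printf("buggy, no wrap:  %d\n", model_caller(0, 0));
    printf("buggy, wrapped:  %d\n", model_caller(1, 0));
    printf("strict, wrapped: %d\n", model_caller(1, 1));
    return 0;
}
```

Only the wrapped case under the loose check leaves the caller holding a NULL pointer it believes is valid, which is why the condition can stay hidden until the ID space wraps.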
Affected Version(s)
Linux 80cd22c35c9001fe72bf614d29439de41933deca
Linux 80cd22c35c9001fe72bf614d29439de41933deca < 3e4c56cf41876ef2a82f0877fe2a67648f8632b8
Linux 80cd22c35c9001fe72bf614d29439de41933deca < 3c74b5787caf59bb1e9c5fe0a360643a71eb1e8a