Linux Kernel Vulnerability in Drop Monitor Affects VMware Virtual Platform
CVE-2025-21862

5.5 MEDIUM

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 12 March 2025

Summary

The Linux kernel contains a vulnerability in the drop_monitor subsystem in which a spinlock may be used before it has been initialized. This occurs specifically when drop_monitor is loaded as a kernel module and a netlink command to start monitoring is received before the module's resources have been set up. This initialization-order flaw can lead to unpredictable behavior, including system instability and potential denial of service conditions.

Affected Version(s)

Linux 9a8afc8d3962f3ed26fd6b56db34133860ed1e72 < 6e9e0f224ffd8b819da3ea247dda404795fdd182

Linux 9a8afc8d3962f3ed26fd6b56db34133860ed1e72 < 29f9cdcab3d96d5207a5c92b52c40ad75e5915d8

Linux 9a8afc8d3962f3ed26fd6b56db34133860ed1e72 < 872c7c7e57a746046796ddfead529c9d37b9f6b4

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
