Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-21764
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-27 Feb, 2025 | 02:18
Updated At-03 Nov, 2025 | 19:37
Rejected At-
▼CVE Numbering Authority (CNA)
ndisc: use RCU protection in ndisc_alloc_skb()

In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection to avoid possible UAF.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ipv6/ndisc.c
Default Status
unaffected
Versions
Affected
  • From de09334b9326632bbf1a74bfd8b01866cbbf2f61 before 96fc896d0e5b37c12808df797397fb16f3080879 (git)
  • From de09334b9326632bbf1a74bfd8b01866cbbf2f61 before c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1 (git)
  • From de09334b9326632bbf1a74bfd8b01866cbbf2f61 before b870256dd2a5648d5ed2f22316b3ac29a7e5ed63 (git)
  • From de09334b9326632bbf1a74bfd8b01866cbbf2f61 before 3c2d705f5adf5d860aaef90cb4211c0fde2ba66d (git)
  • From de09334b9326632bbf1a74bfd8b01866cbbf2f61 before 9e0ec817eb41a55327a46cd3ce331a9868d60304 (git)
  • From de09334b9326632bbf1a74bfd8b01866cbbf2f61 before bbec88e4108e8d6fb468d3817fa652140a44ff28 (git)
  • From de09334b9326632bbf1a74bfd8b01866cbbf2f61 before cd1065f92eb7ff21b9ba5308a86f33d1670bf926 (git)
  • From de09334b9326632bbf1a74bfd8b01866cbbf2f61 before 628e6d18930bbd21f2d4562228afe27694f66da9 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ipv6/ndisc.c
Default Status
affected
Versions
Affected
  • 3.9
Unaffected
  • From 0 before 3.9 (semver)
  • From 5.4.291 through 5.4.* (semver)
  • From 5.10.235 through 5.10.* (semver)
  • From 5.15.179 through 5.15.* (semver)
  • From 6.1.129 through 6.1.* (semver)
  • From 6.6.79 through 6.6.* (semver)
  • From 6.12.16 through 6.12.* (semver)
  • From 6.13.4 through 6.13.* (semver)
  • From 6.14 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/96fc896d0e5b37c12808df797397fb16f3080879
N/A
https://git.kernel.org/stable/c/c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1
N/A
https://git.kernel.org/stable/c/b870256dd2a5648d5ed2f22316b3ac29a7e5ed63
N/A
https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d
N/A
https://git.kernel.org/stable/c/9e0ec817eb41a55327a46cd3ce331a9868d60304
N/A
https://git.kernel.org/stable/c/bbec88e4108e8d6fb468d3817fa652140a44ff28
N/A
https://git.kernel.org/stable/c/cd1065f92eb7ff21b9ba5308a86f33d1670bf926
N/A
https://git.kernel.org/stable/c/628e6d18930bbd21f2d4562228afe27694f66da9
N/A
Hyperlink: https://git.kernel.org/stable/c/96fc896d0e5b37c12808df797397fb16f3080879
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/b870256dd2a5648d5ed2f22316b3ac29a7e5ed63
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/9e0ec817eb41a55327a46cd3ce331a9868d60304
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/bbec88e4108e8d6fb468d3817fa652140a44ff28
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/cd1065f92eb7ff21b9ba5308a86f33d1670bf926
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/628e6d18930bbd21f2d4562228afe27694f66da9
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
N/A
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Resource: N/A
Details not found