CVE Vulnerability Details :
CVE-2025-21791
PUBLISHED
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-27 Feb, 2025 | 02:18
Updated At-03 Nov, 2025 | 20:59
Rejected At-
▼CVE Numbering Authority (CNA)
vrf: use RCU protection in l3mdev_l3_out()

In the Linux kernel, the following vulnerability has been resolved:

vrf: use RCU protection in l3mdev_l3_out()

l3mdev_l3_out() can be called without RCU being held:

raw_sendmsg()
 ip_push_pending_frames()
  ip_send_skb()
   ip_local_out()
    __ip_local_out()
     l3mdev_ip_out()

Add rcu_read_lock() / rcu_read_unlock() pair to avoid a potential UAF.

Affected Products
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/l3mdev.h
Default Status
unaffected
Versions
Affected
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 6ccaa5797f5362a2aad6baa6ddaf4715ac2dd51e (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 20a3489b396764cc9376e32a9172bee26a89dc3b (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 5bb4228c32261d06e4fbece37ec3828bcc005b6b (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before c7574740be8ce68a57d0aece24987b9be2114c3c (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before c40cb5c03e37552d6eff963187109e2c3f78ef6f (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 022cac1c693add610ae76ede03adf4d9d5a2cf21 (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 7b81425b517accefd46bee854d94954f5c57e019 (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 6d0ce46a93135d96b7fa075a94a88fe0da8e8773 (git)
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/l3mdev.h
Default Status
affected
Versions
Affected
  • 4.9
Unaffected
  • From 0 before 4.9 (semver)
  • From 5.4.291 through 5.4.* (semver)
  • From 5.10.235 through 5.10.* (semver)
  • From 5.15.179 through 5.15.* (semver)
  • From 6.1.129 through 6.1.* (semver)
  • From 6.6.79 through 6.6.* (semver)
  • From 6.12.16 through 6.12.* (semver)
  • From 6.13.4 through 6.13.* (semver)
  • From 6.14 through * (original_commit_for_fix)
References
Hyperlink: https://git.kernel.org/stable/c/6ccaa5797f5362a2aad6baa6ddaf4715ac2dd51e
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/20a3489b396764cc9376e32a9172bee26a89dc3b
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/5bb4228c32261d06e4fbece37ec3828bcc005b6b
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/c7574740be8ce68a57d0aece24987b9be2114c3c
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/c40cb5c03e37552d6eff963187109e2c3f78ef6f
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/022cac1c693add610ae76ede03adf4d9d5a2cf21
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/7b81425b517accefd46bee854d94954f5c57e019
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/6d0ce46a93135d96b7fa075a94a88fe0da8e8773
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Problem Types
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2. CVE Program Container
References
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Resource: N/A