Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-21791
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-27 Feb, 2025 | 02:18
Updated At-04 May, 2025 | 07:21
Rejected At-
▼CVE Numbering Authority (CNA)
vrf: use RCU protection in l3mdev_l3_out()

In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdev_l3_out() l3mdev_l3_out() can be called without RCU being held: raw_sendmsg() ip_push_pending_frames() ip_send_skb() ip_local_out() __ip_local_out() l3mdev_ip_out() Add rcu_read_lock() / rcu_read_unlock() pair to avoid a potential UAF.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/l3mdev.h
Default Status
unaffected
Versions
Affected
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 6ccaa5797f5362a2aad6baa6ddaf4715ac2dd51e (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 20a3489b396764cc9376e32a9172bee26a89dc3b (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 5bb4228c32261d06e4fbece37ec3828bcc005b6b (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before c7574740be8ce68a57d0aece24987b9be2114c3c (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before c40cb5c03e37552d6eff963187109e2c3f78ef6f (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 022cac1c693add610ae76ede03adf4d9d5a2cf21 (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 7b81425b517accefd46bee854d94954f5c57e019 (git)
  • From a8e3e1a9f02094145580ea7920c6a1d9aabd5539 before 6d0ce46a93135d96b7fa075a94a88fe0da8e8773 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/l3mdev.h
Default Status
affected
Versions
Affected
  • 4.9
Unaffected
  • From 0 before 4.9 (semver)
  • From 5.4.291 through 5.4.* (semver)
  • From 5.10.235 through 5.10.* (semver)
  • From 5.15.179 through 5.15.* (semver)
  • From 6.1.129 through 6.1.* (semver)
  • From 6.6.79 through 6.6.* (semver)
  • From 6.12.16 through 6.12.* (semver)
  • From 6.13.4 through 6.13.* (semver)
  • From 6.14 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/6ccaa5797f5362a2aad6baa6ddaf4715ac2dd51e
N/A
https://git.kernel.org/stable/c/20a3489b396764cc9376e32a9172bee26a89dc3b
N/A
https://git.kernel.org/stable/c/5bb4228c32261d06e4fbece37ec3828bcc005b6b
N/A
https://git.kernel.org/stable/c/c7574740be8ce68a57d0aece24987b9be2114c3c
N/A
https://git.kernel.org/stable/c/c40cb5c03e37552d6eff963187109e2c3f78ef6f
N/A
https://git.kernel.org/stable/c/022cac1c693add610ae76ede03adf4d9d5a2cf21
N/A
https://git.kernel.org/stable/c/7b81425b517accefd46bee854d94954f5c57e019
N/A
https://git.kernel.org/stable/c/6d0ce46a93135d96b7fa075a94a88fe0da8e8773
N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found