Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: blackhole timeout: avoid using current->nsproxy As mentioned in the previous commit, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'pernet' structure can be obtained from the table->data using container_of().

INFO

Published Date :

2025-01-19T10:17:58.351Z

Last Modified :

2025-10-01T19:57:17.498Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21641 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21641.

URL Resource
https://git.kernel.org/stable/c/4c74fbdc5ab95b13945be01e6065940b68222db7 cve-icon cve-icon
https://git.kernel.org/stable/c/92cf7a51bdae24a32c592adcdd59a773ae149289 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025011944-CVE-2025-21641-0897@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21641 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21641 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact