Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection.

INFO

Published Date :

2025-02-27T02:18:12.994Z

Last Modified :

2025-05-04T07:20:31.433Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21759 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21759.

URL Resource
https://git.kernel.org/stable/c/087c1faa594fa07a66933d750c0b2610aa1a2946 cve-icon cve-icon
https://git.kernel.org/stable/c/0bf8e2f3768629d437a32cb824149e6e98254381 cve-icon cve-icon
https://git.kernel.org/stable/c/81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a cve-icon cve-icon
https://git.kernel.org/stable/c/8e92d6a413feaf968a33f0b439ecf27404407458 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2025-21759-ad7c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21759 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21759 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact