Description

In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.

INFO

Published Date :

2025-02-27T02:18:13.496Z

Last Modified :

2025-11-03T19:37:05.973Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21760 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21760.

URL Resource
https://git.kernel.org/stable/c/04e05112f10354ffc3bb6cc796d553bab161594c cve-icon cve-icon
https://git.kernel.org/stable/c/10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1 cve-icon cve-icon
https://git.kernel.org/stable/c/4d576202b90b1b95a7c428a80b536f91b8201bcc cve-icon cve-icon
https://git.kernel.org/stable/c/789230e5a8c1097301afc802e242c79bc8835c67 cve-icon cve-icon
https://git.kernel.org/stable/c/a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d cve-icon cve-icon
https://git.kernel.org/stable/c/ae38982f521621c216fc2f5182cd091f4734641d cve-icon cve-icon
https://git.kernel.org/stable/c/e24d225e4cb8cf108bde00b76594499b98f0a74d cve-icon cve-icon
https://git.kernel.org/stable/c/ed6ae1f325d3c43966ec1b62ac1459e2b8e45640 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html cve-icon
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2025-21760-fb9d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21760 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21760 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact