Description

In the Linux kernel, the following vulnerability has been resolved: net: mctp: unshare packets when reassembling Ensure that the frag_list used for reassembly isn't shared with other packets. This avoids incorrect reassembly when packets are cloned, and prevents a memory leak due to circular references between fragments and their skb_shared_info. The upcoming MCTP-over-USB driver uses skb_clone which can trigger the problem - other MCTP drivers don't share SKBs. A kunit test is added to reproduce the issue.

INFO

Published Date :

2025-04-01T15:47:04.960Z

Last Modified :

2025-05-04T07:26:10.249Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21972 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21972.

URL Resource
https://git.kernel.org/stable/c/5c47d5bfa7b096cf8890afac32141c578583f8e0 cve-icon cve-icon
https://git.kernel.org/stable/c/f44fff3d3c6cd67b6f348b821d73c4d6888c7a6e cve-icon cve-icon
https://git.kernel.org/stable/c/f5d83cf0eeb90fade4d5c4d17d24b8bee9ceeecc cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025040146-CVE-2025-21972-1415@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21972 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21972 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact