CVE-2025-21761

Feb. 27, 2025, 6:15 p.m.

7.8
High

Description

In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ovs_vport_cmd_fill_info() can be called without RTNL or RCU. Use RCU protection and dev_net_rcu() to avoid potential UAF.

Product(s) Impacted

Product Versions
Linux Kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416
Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://git.kernel.org/stable/c/5828937742af74666192835d657095d95c53dbd0
https://git.kernel.org/stable/c/7e01abc34e87abd091e619161a20f54ed4e3e2da
https://git.kernel.org/stable/c/8ec57509c36c8b9a23e50b7858dda0c520a2d074
https://git.kernel.org/stable/c/90b2f49a502fa71090d9f4fe29a2f51fe5dff76d
https://git.kernel.org/stable/c/a849a10de5e04d798f7f286a2f1ca174719a617a

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-416
2025-02-27
CVE-2025-21761

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Feb. 27, 2025, 3:15 a.m.
Last Modified: Feb. 27, 2025, 6:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.