CVE-2025-21764

Feb. 27, 2025, 6:15 p.m.

7.8
High

Description

In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection to avoid possible UAF.

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416
Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d
https://git.kernel.org/stable/c/628e6d18930bbd21f2d4562228afe27694f66da9
https://git.kernel.org/stable/c/9e0ec817eb41a55327a46cd3ce331a9868d60304
https://git.kernel.org/stable/c/bbec88e4108e8d6fb468d3817fa652140a44ff28
https://git.kernel.org/stable/c/cd1065f92eb7ff21b9ba5308a86f33d1670bf926

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-416
2025-02-27
CVE-2025-21764

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Feb. 27, 2025, 3:15 a.m.
Last Modified: Feb. 27, 2025, 6:15 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.