{"vulnerability": "CVE-2025-21670", "sightings": [{"uuid": "29412972-29f0-43f4-9344-474161b5f375", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzy3c6nnd2i", "content": "", "creation_timestamp": "2025-01-31T12:16:18.815242Z"}, {"uuid": "3ff643b7-8d40-4779-9d9c-1b38d4d8a4bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3liwa2ghhtq2x", "content": "", "creation_timestamp": "2025-02-24T11:18:44.154814Z"}, {"uuid": "576b9e53-3c9e-4b6f-9b83-56ba2367901e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:23.000000Z"}, {"uuid": "7f71e8b8-8ea2-47a3-b226-389bc74aba7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3656", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21670\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk->transport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().\n\ud83d\udccf Published: 2025-01-31T12:33:02Z\n\ud83d\udccf Modified: 2025-01-31T12:33:02Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-21670\n2. https://git.kernel.org/stable/c/58e586c30d0b6f5dc0174a41026f2b0a48c9aab6\n3. https://git.kernel.org/stable/c/6771e1279dadf1d92a72e1465134257d9e6f2459\n4. https://git.kernel.org/stable/c/f6abafcd32f9cfc4b1a2f820ecea70773e26d423", "creation_timestamp": "2025-01-31T13:15:09.000000Z"}, {"uuid": "197015f0-63fe-48e6-b0a7-53b7d1cba623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/2585", "content": "#exploit\n1. CVE-2025-20029:\nCommand Injection in TMSH CLI in F5 BIG-IP\nhttps://github.com/mbadanoiu/CVE-2025-20029\n\n2. Dropping a 0 day:\nParallels Desktop Repack Root Privilege Escalation (CVE-2024-34331)\nhttps://jhftss.github.io/Parallels-0-day\n\n3. CVE-2025-21669/CVE-2025-21670:\nvsock/virtio: discard packets if the transport changes / vsock/bpf: return early if transport is not assigned (Linux Kernel)\nhttps://u1f383.github.io/linux/2025/02/24/linux-kernel-some-vsock-vulnerabilities-analysis.html", "creation_timestamp": "2025-02-28T07:48:31.000000Z"}, {"uuid": "653ef917-6988-4eec-b3a5-b896a264b815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11859", "content": "#exploit\n1. CVE-2025-20029:\nCommand Injection in TMSH CLI in F5 BIG-IP\nhttps://github.com/mbadanoiu/CVE-2025-20029\n\n2. Dropping a 0 day:\nParallels Desktop Repack Root Privilege Escalation (CVE-2024-34331)\nhttps://jhftss.github.io/Parallels-0-day\n\n3. CVE-2025-21669/CVE-2025-21670:\nvsock/virtio: discard packets if the transport changes / vsock/bpf: return early if transport is not assigned (Linux Kernel)\nhttps://u1f383.github.io/linux/2025/02/24/linux-kernel-some-vsock-vulnerabilities-analysis.html", "creation_timestamp": "2025-02-26T00:08:02.000000Z"}, {"uuid": "dbf0be37-e65f-4c04-bb30-7f13bd854a13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "seen", "source": "https://t.me/cvedetector/16942", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21670 - \"Linux Kernel Vsock Transport NULL Pointer Dereference Vulnerability in BPF\"\", \n \"Content\": \"CVE ID : CVE-2025-21670 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nvsock/bpf: return early if transport is not assigned \n \nSome of the core functions can only be called if the transport \nhas been assigned. \n \nAs Michal reported, a socket might have the transport at NULL, \nfor example after a failed connect(), causing the following trace: \n \n BUG: kernel NULL pointer dereference, address: 00000000000000a0 \n #PF: supervisor read access in kernel mode \n #PF: error_code(0x0000) - not-present page \n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0 \n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI \n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+ \n RIP: 0010:vsock_connectible_has_data+0x1f/0x40 \n Call Trace: \n vsock_bpf_recvmsg+0xca/0x5e0 \n sock_recvmsg+0xb9/0xc0 \n __sys_recvfrom+0xb3/0x130 \n __x64_sys_recvfrom+0x20/0x30 \n do_syscall_64+0x93/0x180 \n entry_SYSCALL_64_after_hwframe+0x76/0x7e \n \nSo we need to check the `vsk->transport` in vsock_bpf_recvmsg(), \nespecially for connected sockets (stream/seqpacket) as we already \ndo in __vsock_connectible_recvmsg(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T15:22:40.000000Z"}, {"uuid": "cc866b7a-e9cf-4fe7-af22-e94a1bd68175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/6980", "content": "#exploit\n1. CVE-2025-20029:\nCommand Injection in TMSH CLI in F5 BIG-IP\nhttps://github.com/mbadanoiu/CVE-2025-20029\n\n2. Dropping a 0 day:\nParallels Desktop Repack Root Privilege Escalation (CVE-2024-34331)\nhttps://jhftss.github.io/Parallels-0-day\n\n3. CVE-2025-21669/CVE-2025-21670:\nvsock/virtio: discard packets if the transport changes / vsock/bpf: return early if transport is not assigned (Linux Kernel)\nhttps://u1f383.github.io/linux/2025/02/24/linux-kernel-some-vsock-vulnerabilities-analysis.html", "creation_timestamp": "2025-02-28T07:48:31.000000Z"}]}