{"vulnerability": "CVE-2025-21834", "sightings": [{"uuid": "8f49fe6f-eda6-4a40-9f73-0cb3c65d3269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21834", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-19T02:47:43.000000Z"}, {"uuid": "3c70d435-a61b-4127-8ce5-98594579871b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21834", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-18T13:31:23.000000Z"}, {"uuid": "487a528c-258d-446d-bf34-b087027f9997", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21834", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6702", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21834\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nseccomp: passthrough uretprobe systemcall without filtering\n\nWhen attaching uretprobes to processes running inside docker, the attached\nprocess is segfaulted when encountering the retprobe.\n\nThe reason is that now that uretprobe is a system call the default seccomp\nfilters in docker block it as they only allow a specific set of known\nsyscalls. This is true for other userspace applications which use seccomp\nto control their syscall surface.\n\nSince uretprobe is a \"kernel implementation detail\" system call which is\nnot used by userspace application code directly, it is impractical and\nthere's very little point in forcing all userspace applications to\nexplicitly allow it in order to avoid crashing tracked processes.\n\nPass this systemcall through seccomp without depending on configuration.\n\nNote: uretprobe is currently only x86_64 and isn't expected to ever be\nsupported in i386.\n\n[kees: minimized changes for easier backporting, tweaked commit log]\n\ud83d\udccf Published: 2025-03-06T16:22:35.490Z\n\ud83d\udccf Modified: 2025-03-06T16:22:35.490Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/5a262628f4cf2437d863fe41f9d427177b87664c\n2. https://git.kernel.org/stable/c/fa80018aa5be10c35e9fa896b7b4061a8dce3eed\n3. https://git.kernel.org/stable/c/cf6cb56ef24410fb5308f9655087f1eddf4452e6", "creation_timestamp": "2025-03-06T16:34:00.000000Z"}, {"uuid": "563efd93-ba03-4012-9b8f-aa9e6509984c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21834", "type": "seen", "source": "https://t.me/cvedetector/19720", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21834 - Docker Seccomp Uretprobe Passthrough Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21834 \nPublished : March 6, 2025, 5:15 p.m. | 1\u00a0hour ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nseccomp: passthrough uretprobe systemcall without filtering  \n  \nWhen attaching uretprobes to processes running inside docker, the attached  \nprocess is segfaulted when encountering the retprobe.  \n  \nThe reason is that now that uretprobe is a system call the default seccomp  \nfilters in docker block it as they only allow a specific set of known  \nsyscalls. This is true for other userspace applications which use seccomp  \nto control their syscall surface.  \n  \nSince uretprobe is a \"kernel implementation detail\" system call which is  \nnot used by userspace application code directly, it is impractical and  \nthere's very little point in forcing all userspace applications to  \nexplicitly allow it in order to avoid crashing tracked processes.  \n  \nPass this systemcall through seccomp without depending on configuration.  \n  \nNote: uretprobe is currently only x86_64 and isn't expected to ever be  \nsupported in i386.  \n  \n[kees: minimized changes for easier backporting, tweaked commit log] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T19:41:39.000000Z"}]}