Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0333
Vulnerability from certfr_avis - Published: 2025-04-18 - Updated: 2025-04-18
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.133-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21980"
},
{
"name": "CVE-2025-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21937"
},
{
"name": "CVE-2024-26656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
},
{
"name": "CVE-2025-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21881"
},
{
"name": "CVE-2025-21951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21951"
},
{
"name": "CVE-2024-40973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40973"
},
{
"name": "CVE-2025-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2024-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26767"
},
{
"name": "CVE-2025-21922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21922"
},
{
"name": "CVE-2023-52927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52927"
},
{
"name": "CVE-2025-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
},
{
"name": "CVE-2025-21904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21904"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2024-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24855"
},
{
"name": "CVE-2024-58005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58005"
},
{
"name": "CVE-2025-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21918"
},
{
"name": "CVE-2025-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21948"
},
{
"name": "CVE-2023-52857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52857"
},
{
"name": "CVE-2025-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
},
{
"name": "CVE-2025-21993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21993"
},
{
"name": "CVE-2025-21914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21914"
},
{
"name": "CVE-2024-58090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58090"
},
{
"name": "CVE-2025-21855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
},
{
"name": "CVE-2025-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21986"
},
{
"name": "CVE-2025-21838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21838"
},
{
"name": "CVE-2025-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21938"
},
{
"name": "CVE-2025-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21867"
},
{
"name": "CVE-2025-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21936"
},
{
"name": "CVE-2025-21909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21909"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-21910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21910"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2024-43831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43831"
},
{
"name": "CVE-2025-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21917"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-21997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21997"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21978"
},
{
"name": "CVE-2025-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21947"
},
{
"name": "CVE-2025-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21913"
},
{
"name": "CVE-2024-58079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58079"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2025-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21916"
},
{
"name": "CVE-2025-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21925"
},
{
"name": "CVE-2025-21898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21898"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-42129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42129"
},
{
"name": "CVE-2025-21848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21935"
},
{
"name": "CVE-2024-27056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
},
{
"name": "CVE-2025-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2025-21862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"name": "CVE-2025-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21950"
},
{
"name": "CVE-2025-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21899"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2025-21943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21943"
},
{
"name": "CVE-2025-21971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21971"
},
{
"name": "CVE-2024-47754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47754"
},
{
"name": "CVE-2024-57977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2025-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21934"
},
{
"name": "CVE-2025-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21912"
},
{
"name": "CVE-2025-21859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
},
{
"name": "CVE-2024-35866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35866"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21844"
},
{
"name": "CVE-2025-21721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21721"
},
{
"name": "CVE-2024-38611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38611"
},
{
"name": "CVE-2025-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21877"
},
{
"name": "CVE-2025-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21878"
},
{
"name": "CVE-2025-21846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
},
{
"name": "CVE-2025-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21702"
},
{
"name": "CVE-2025-21926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21926"
},
{
"name": "CVE-2025-21865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21865"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2025-21944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21944"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2025-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21920"
},
{
"name": "CVE-2025-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21891"
},
{
"name": "CVE-2025-21858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
},
{
"name": "CVE-2024-47753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47753"
},
{
"name": "CVE-2025-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21979"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21960"
},
{
"name": "CVE-2025-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21945"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2024-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2024-46772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46772"
},
{
"name": "CVE-2024-50246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2025-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21875"
},
{
"name": "CVE-2025-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22015"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-21924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21924"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
}
],
"initial_release_date": "2025-04-18T00:00:00",
"last_revision_date": "2025-04-18T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0333",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2025-04-12",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5900-1",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00062.html"
}
]
}
CVE-2025-21875 (GCVE-0-2025-21875)
Vulnerability from cvelistv5 – Published: 2025-03-27 14:57 – Updated: 2026-05-11 21:08
VLAI
EPSS
Title
mptcp: always handle address removal under msk socket lock
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: always handle address removal under msk socket lock
Syzkaller reported a lockdep splat in the PM control path:
WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]
WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline]
WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788
Modules linked in:
CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline]
RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline]
RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788
Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 <0f> 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff
RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283
RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000
RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408
RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000
R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0
R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00
FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59
mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486
mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline]
mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348
netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:733
____sys_sendmsg+0x53a/0x860 net/socket.c:2573
___sys_sendmsg net/socket.c:2627 [inline]
__sys_sendmsg+0x269/0x350 net/socket.c:2659
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7e9998cde9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9
RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007
RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088
Indeed the PM can try to send a RM_ADDR over a msk without acquiring
first the msk socket lock.
The bugged code-path comes from an early optimization: when there
are no subflows, the PM should (usually) not send RM_ADDR
notifications.
The above statement is incorrect, as without locks another process
could concur
---truncated---
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b6c08380860b926752d57c8fa9911fa388c4b876 , < 494ec285535632732eaa5786297a9ae4f731b5ff
(git)
Affected: b6c08380860b926752d57c8fa9911fa388c4b876 , < 7cca31035c05819643ffb5d7518e9a331b3f6651 (git) Affected: b6c08380860b926752d57c8fa9911fa388c4b876 , < 8116fb4acd5d3f06cd37f84887dbe962b6703b1c (git) Affected: b6c08380860b926752d57c8fa9911fa388c4b876 , < a05da2be18aae7e82572f8d795f41bb49f5dfc7d (git) Affected: b6c08380860b926752d57c8fa9911fa388c4b876 , < 4124b782ec2b1e2e490cf0bbf10f53dfd3479890 (git) Affected: b6c08380860b926752d57c8fa9911fa388c4b876 , < 2c3de6dff4373f1036e003f49a32629359530bdb (git) Affected: b6c08380860b926752d57c8fa9911fa388c4b876 , < f865c24bc55158313d5779fc81116023a6940ca3 (git) |
|
| Linux | Linux |
Affected:
5.10
Unaffected: 0 , < 5.10 (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.130 , ≤ 6.1.* (semver) Unaffected: 6.6.81 , ≤ 6.6.* (semver) Unaffected: 6.12.18 , ≤ 6.12.* (semver) Unaffected: 6.13.6 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:38:31.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "494ec285535632732eaa5786297a9ae4f731b5ff",
"status": "affected",
"version": "b6c08380860b926752d57c8fa9911fa388c4b876",
"versionType": "git"
},
{
"lessThan": "7cca31035c05819643ffb5d7518e9a331b3f6651",
"status": "affected",
"version": "b6c08380860b926752d57c8fa9911fa388c4b876",
"versionType": "git"
},
{
"lessThan": "8116fb4acd5d3f06cd37f84887dbe962b6703b1c",
"status": "affected",
"version": "b6c08380860b926752d57c8fa9911fa388c4b876",
"versionType": "git"
},
{
"lessThan": "a05da2be18aae7e82572f8d795f41bb49f5dfc7d",
"status": "affected",
"version": "b6c08380860b926752d57c8fa9911fa388c4b876",
"versionType": "git"
},
{
"lessThan": "4124b782ec2b1e2e490cf0bbf10f53dfd3479890",
"status": "affected",
"version": "b6c08380860b926752d57c8fa9911fa388c4b876",
"versionType": "git"
},
{
"lessThan": "2c3de6dff4373f1036e003f49a32629359530bdb",
"status": "affected",
"version": "b6c08380860b926752d57c8fa9911fa388c4b876",
"versionType": "git"
},
{
"lessThan": "f865c24bc55158313d5779fc81116023a6940ca3",
"status": "affected",
"version": "b6c08380860b926752d57c8fa9911fa388c4b876",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.130",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.81",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.18",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.6",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: always handle address removal under msk socket lock\n\nSyzkaller reported a lockdep splat in the PM control path:\n\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Modules linked in:\n CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\n RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline]\n RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 \u003c0f\u003e 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff\n RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283\n RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000\n RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408\n RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000\n R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0\n R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00\n FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59\n mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486\n mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline]\n mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:733\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2573\n ___sys_sendmsg net/socket.c:2627 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2659\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f7e9998cde9\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9\n RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007\n RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088\n\nIndeed the PM can try to send a RM_ADDR over a msk without acquiring\nfirst the msk socket lock.\n\nThe bugged code-path comes from an early optimization: when there\nare no subflows, the PM should (usually) not send RM_ADDR\nnotifications.\n\nThe above statement is incorrect, as without locks another process\ncould concur\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:08:12.769Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/494ec285535632732eaa5786297a9ae4f731b5ff"
},
{
"url": "https://git.kernel.org/stable/c/7cca31035c05819643ffb5d7518e9a331b3f6651"
},
{
"url": "https://git.kernel.org/stable/c/8116fb4acd5d3f06cd37f84887dbe962b6703b1c"
},
{
"url": "https://git.kernel.org/stable/c/a05da2be18aae7e82572f8d795f41bb49f5dfc7d"
},
{
"url": "https://git.kernel.org/stable/c/4124b782ec2b1e2e490cf0bbf10f53dfd3479890"
},
{
"url": "https://git.kernel.org/stable/c/2c3de6dff4373f1036e003f49a32629359530bdb"
},
{
"url": "https://git.kernel.org/stable/c/f865c24bc55158313d5779fc81116023a6940ca3"
}
],
"title": "mptcp: always handle address removal under msk socket lock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21875",
"datePublished": "2025-03-27T14:57:06.154Z",
"dateReserved": "2024-12-29T08:45:45.781Z",
"dateUpdated": "2026-05-11T21:08:12.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21877 (GCVE-0-2025-21877)
Vulnerability from cvelistv5 – Published: 2025-03-27 14:57 – Updated: 2026-05-11 21:08
VLAI
EPSS
Title
usbnet: gl620a: fix endpoint checking in genelink_bind()
Summary
In the Linux kernel, the following vulnerability has been resolved:
usbnet: gl620a: fix endpoint checking in genelink_bind()
Syzbot reports [1] a warning in usb_submit_urb() triggered by
inconsistencies between expected and actually present endpoints
in gl620a driver. Since genelink_bind() does not properly
verify whether specified eps are in fact provided by the device,
in this case, an artificially manufactured one, one may get a
mismatch.
Fix the issue by resorting to a usbnet utility function
usbnet_get_endpoints(), usually reserved for this very problem.
Check for endpoints and return early before proceeding further if
any are missing.
[1] Syzbot report:
usb 5-1: Manufacturer: syz
usb 5-1: SerialNumber: syz
usb 5-1: config 0 descriptor??
gl620a 5-1:0.23 usb0: register 'gl620a' at usb-dummy_hcd.0-1, ...
------------[ cut here ]------------
usb 5-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503
Modules linked in:
CPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: mld mld_ifc_work
RIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503
...
Call Trace:
<TASK>
usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467
__netdev_start_xmit include/linux/netdevice.h:5002 [inline]
netdev_start_xmit include/linux/netdevice.h:5011 [inline]
xmit_one net/core/dev.c:3590 [inline]
dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606
sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343
__dev_xmit_skb net/core/dev.c:3827 [inline]
__dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400
dev_queue_xmit include/linux/netdevice.h:3168 [inline]
neigh_resolve_output net/core/neighbour.c:1514 [inline]
neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494
neigh_output include/net/neighbour.h:539 [inline]
ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141
__ip6_finish_output net/ipv6/ip6_output.c:215 [inline]
ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247
dst_output include/net/dst.h:450 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
NF_HOOK include/linux/netfilter.h:308 [inline]
mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819
mld_send_cr net/ipv6/mcast.c:2120 [inline]
mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Severity
No CVSS data available.
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
47ee3051c856cc2aa95d35d577a8cb37279d540f , < 5f2dbabbce04b1ffcd6d8d07564adb94db577536
(git)
Affected: 47ee3051c856cc2aa95d35d577a8cb37279d540f , < 24dd971104057c8828d420a48e0a5af6e6f30d3e (git) Affected: 47ee3051c856cc2aa95d35d577a8cb37279d540f , < 9bcb8cbc3e5d67eb223bfb7e2291a270dbb699dc (git) Affected: 47ee3051c856cc2aa95d35d577a8cb37279d540f , < 67ebc3391c8377738e97a43374054d9718fdb6e4 (git) Affected: 47ee3051c856cc2aa95d35d577a8cb37279d540f , < a2ee5e55b50a97d13617c8653482c0ad4decff8c (git) Affected: 47ee3051c856cc2aa95d35d577a8cb37279d540f , < 4e8b8d43373bf837be159366f0192502f97ec7a5 (git) Affected: 47ee3051c856cc2aa95d35d577a8cb37279d540f , < ded25730c96949cb8b048b29c557e38569124943 (git) Affected: 47ee3051c856cc2aa95d35d577a8cb37279d540f , < 1cf9631d836b289bd5490776551961c883ae8a4f (git) |
|
| Linux | Linux |
Affected:
2.6.14
Unaffected: 0 , < 2.6.14 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.130 , ≤ 6.1.* (semver) Unaffected: 6.6.81 , ≤ 6.6.* (semver) Unaffected: 6.12.18 , ≤ 6.12.* (semver) Unaffected: 6.13.6 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:38:34.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/gl620a.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5f2dbabbce04b1ffcd6d8d07564adb94db577536",
"status": "affected",
"version": "47ee3051c856cc2aa95d35d577a8cb37279d540f",
"versionType": "git"
},
{
"lessThan": "24dd971104057c8828d420a48e0a5af6e6f30d3e",
"status": "affected",
"version": "47ee3051c856cc2aa95d35d577a8cb37279d540f",
"versionType": "git"
},
{
"lessThan": "9bcb8cbc3e5d67eb223bfb7e2291a270dbb699dc",
"status": "affected",
"version": "47ee3051c856cc2aa95d35d577a8cb37279d540f",
"versionType": "git"
},
{
"lessThan": "67ebc3391c8377738e97a43374054d9718fdb6e4",
"status": "affected",
"version": "47ee3051c856cc2aa95d35d577a8cb37279d540f",
"versionType": "git"
},
{
"lessThan": "a2ee5e55b50a97d13617c8653482c0ad4decff8c",
"status": "affected",
"version": "47ee3051c856cc2aa95d35d577a8cb37279d540f",
"versionType": "git"
},
{
"lessThan": "4e8b8d43373bf837be159366f0192502f97ec7a5",
"status": "affected",
"version": "47ee3051c856cc2aa95d35d577a8cb37279d540f",
"versionType": "git"
},
{
"lessThan": "ded25730c96949cb8b048b29c557e38569124943",
"status": "affected",
"version": "47ee3051c856cc2aa95d35d577a8cb37279d540f",
"versionType": "git"
},
{
"lessThan": "1cf9631d836b289bd5490776551961c883ae8a4f",
"status": "affected",
"version": "47ee3051c856cc2aa95d35d577a8cb37279d540f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/gl620a.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.14"
},
{
"lessThan": "2.6.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.130",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.81",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.18",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.6",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "2.6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:08:15.045Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5f2dbabbce04b1ffcd6d8d07564adb94db577536"
},
{
"url": "https://git.kernel.org/stable/c/24dd971104057c8828d420a48e0a5af6e6f30d3e"
},
{
"url": "https://git.kernel.org/stable/c/9bcb8cbc3e5d67eb223bfb7e2291a270dbb699dc"
},
{
"url": "https://git.kernel.org/stable/c/67ebc3391c8377738e97a43374054d9718fdb6e4"
},
{
"url": "https://git.kernel.org/stable/c/a2ee5e55b50a97d13617c8653482c0ad4decff8c"
},
{
"url": "https://git.kernel.org/stable/c/4e8b8d43373bf837be159366f0192502f97ec7a5"
},
{
"url": "https://git.kernel.org/stable/c/ded25730c96949cb8b048b29c557e38569124943"
},
{
"url": "https://git.kernel.org/stable/c/1cf9631d836b289bd5490776551961c883ae8a4f"
}
],
"title": "usbnet: gl620a: fix endpoint checking in genelink_bind()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21877",
"datePublished": "2025-03-27T14:57:07.462Z",
"dateReserved": "2024-12-29T08:45:45.781Z",
"dateUpdated": "2026-05-11T21:08:15.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21878 (GCVE-0-2025-21878)
Vulnerability from cvelistv5 – Published: 2025-03-27 14:57 – Updated: 2026-05-11 21:08
VLAI
EPSS
Title
i2c: npcm: disable interrupt enable bit before devm_request_irq
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: npcm: disable interrupt enable bit before devm_request_irq
The customer reports that there is a soft lockup issue related to
the i2c driver. After checking, the i2c module was doing a tx transfer
and the bmc machine reboots in the middle of the i2c transaction, the i2c
module keeps the status without being reset.
Due to such an i2c module status, the i2c irq handler keeps getting
triggered since the i2c irq handler is registered in the kernel booting
process after the bmc machine is doing a warm rebooting.
The continuous triggering is stopped by the soft lockup watchdog timer.
Disable the interrupt enable bit in the i2c module before calling
devm_request_irq to fix this issue since the i2c relative status bit
is read-only.
Here is the soft lockup log.
[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]
[ 28.183351] Modules linked in:
[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1
[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 28.208128] pc : __do_softirq+0xb0/0x368
[ 28.212055] lr : __do_softirq+0x70/0x368
[ 28.215972] sp : ffffff8035ebca00
[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780
[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0
[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b
[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff
[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000
[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2
[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250
[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434
[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198
[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40
[ 28.290611] Call trace:
[ 28.293052] __do_softirq+0xb0/0x368
[ 28.296625] __irq_exit_rcu+0xe0/0x100
[ 28.300374] irq_exit+0x14/0x20
[ 28.303513] handle_domain_irq+0x68/0x90
[ 28.307440] gic_handle_irq+0x78/0xb0
[ 28.311098] call_on_irq_stack+0x20/0x38
[ 28.315019] do_interrupt_handler+0x54/0x5c
[ 28.319199] el1_interrupt+0x2c/0x4c
[ 28.322777] el1h_64_irq_handler+0x14/0x20
[ 28.326872] el1h_64_irq+0x74/0x78
[ 28.330269] __setup_irq+0x454/0x780
[ 28.333841] request_threaded_irq+0xd0/0x1b4
[ 28.338107] devm_request_threaded_irq+0x84/0x100
[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0
[ 28.346990] platform_probe+0x6c/0xc4
[ 28.350653] really_probe+0xcc/0x45c
[ 28.354227] __driver_probe_device+0x8c/0x160
[ 28.358578] driver_probe_device+0x44/0xe0
[ 28.362670] __driver_attach+0x124/0x1d0
[ 28.366589] bus_for_each_dev+0x7c/0xe0
[ 28.370426] driver_attach+0x28/0x30
[ 28.373997] bus_add_driver+0x124/0x240
[ 28.377830] driver_register+0x7c/0x124
[ 28.381662] __platform_driver_register+0x2c/0x34
[ 28.386362] npcm_i2c_init+0x3c/0x5c
[ 28.389937] do_one_initcall+0x74/0x230
[ 28.393768] kernel_init_freeable+0x24c/0x2b4
[ 28.398126] kernel_init+0x28/0x130
[ 28.401614] ret_from_fork+0x10/0x20
[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks
[ 28.411011] SMP: stopping secondary CPUs
[ 28.414933] Kernel Offset: disabled
[ 28.418412] CPU features: 0x00000000,00000802
[ 28.427644] Rebooting in 20 seconds..
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
56a1485b102ed1cd5a4af8e87ed794699fd1cad2 , < f32d7b4dc6e791523c70e83049645dcba2a2aa33
(git)
Affected: 56a1485b102ed1cd5a4af8e87ed794699fd1cad2 , < e3aea1dba97d31eceed7b622000af0406988b9c8 (git) Affected: 56a1485b102ed1cd5a4af8e87ed794699fd1cad2 , < 545b563eb00d0576775da4011b3f7ffefc9e8c60 (git) Affected: 56a1485b102ed1cd5a4af8e87ed794699fd1cad2 , < 1b267e1b87d52b16e7dfcc7ab2ab760f6f8f9ca9 (git) Affected: 56a1485b102ed1cd5a4af8e87ed794699fd1cad2 , < 12d0e39916705b68d2d8ba20a8e35d1d27afc260 (git) Affected: 56a1485b102ed1cd5a4af8e87ed794699fd1cad2 , < 846e371631c57365eeb89e5db1ab0f344169af93 (git) Affected: 56a1485b102ed1cd5a4af8e87ed794699fd1cad2 , < dd1998e243f5fa25d348a384ba0b6c84d980f2b2 (git) |
|
| Linux | Linux |
Affected:
5.8
Unaffected: 0 , < 5.8 (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.130 , ≤ 6.1.* (semver) Unaffected: 6.6.81 , ≤ 6.6.* (semver) Unaffected: 6.12.18 , ≤ 6.12.* (semver) Unaffected: 6.13.6 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:38:37.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-npcm7xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f32d7b4dc6e791523c70e83049645dcba2a2aa33",
"status": "affected",
"version": "56a1485b102ed1cd5a4af8e87ed794699fd1cad2",
"versionType": "git"
},
{
"lessThan": "e3aea1dba97d31eceed7b622000af0406988b9c8",
"status": "affected",
"version": "56a1485b102ed1cd5a4af8e87ed794699fd1cad2",
"versionType": "git"
},
{
"lessThan": "545b563eb00d0576775da4011b3f7ffefc9e8c60",
"status": "affected",
"version": "56a1485b102ed1cd5a4af8e87ed794699fd1cad2",
"versionType": "git"
},
{
"lessThan": "1b267e1b87d52b16e7dfcc7ab2ab760f6f8f9ca9",
"status": "affected",
"version": "56a1485b102ed1cd5a4af8e87ed794699fd1cad2",
"versionType": "git"
},
{
"lessThan": "12d0e39916705b68d2d8ba20a8e35d1d27afc260",
"status": "affected",
"version": "56a1485b102ed1cd5a4af8e87ed794699fd1cad2",
"versionType": "git"
},
{
"lessThan": "846e371631c57365eeb89e5db1ab0f344169af93",
"status": "affected",
"version": "56a1485b102ed1cd5a4af8e87ed794699fd1cad2",
"versionType": "git"
},
{
"lessThan": "dd1998e243f5fa25d348a384ba0b6c84d980f2b2",
"status": "affected",
"version": "56a1485b102ed1cd5a4af8e87ed794699fd1cad2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-npcm7xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.130",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.81",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.18",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.6",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds.."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:08:16.217Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f32d7b4dc6e791523c70e83049645dcba2a2aa33"
},
{
"url": "https://git.kernel.org/stable/c/e3aea1dba97d31eceed7b622000af0406988b9c8"
},
{
"url": "https://git.kernel.org/stable/c/545b563eb00d0576775da4011b3f7ffefc9e8c60"
},
{
"url": "https://git.kernel.org/stable/c/1b267e1b87d52b16e7dfcc7ab2ab760f6f8f9ca9"
},
{
"url": "https://git.kernel.org/stable/c/12d0e39916705b68d2d8ba20a8e35d1d27afc260"
},
{
"url": "https://git.kernel.org/stable/c/846e371631c57365eeb89e5db1ab0f344169af93"
},
{
"url": "https://git.kernel.org/stable/c/dd1998e243f5fa25d348a384ba0b6c84d980f2b2"
}
],
"title": "i2c: npcm: disable interrupt enable bit before devm_request_irq",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21878",
"datePublished": "2025-03-27T14:57:08.155Z",
"dateReserved": "2024-12-29T08:45:45.782Z",
"dateUpdated": "2026-05-11T21:08:16.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21881 (GCVE-0-2025-21881)
Vulnerability from cvelistv5 – Published: 2025-03-27 14:57 – Updated: 2026-05-11 21:08
VLAI
EPSS
Title
uprobes: Reject the shared zeropage in uprobe_write_opcode()
Summary
In the Linux kernel, the following vulnerability has been resolved:
uprobes: Reject the shared zeropage in uprobe_write_opcode()
We triggered the following crash in syzkaller tests:
BUG: Bad page state in process syz.7.38 pfn:1eff3
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3
flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff)
raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x32/0x50
bad_page+0x69/0xf0
free_unref_page_prepare+0x401/0x500
free_unref_page+0x6d/0x1b0
uprobe_write_opcode+0x460/0x8e0
install_breakpoint.part.0+0x51/0x80
register_for_each_vma+0x1d9/0x2b0
__uprobe_register+0x245/0x300
bpf_uprobe_multi_link_attach+0x29b/0x4f0
link_create+0x1e2/0x280
__sys_bpf+0x75f/0xac0
__x64_sys_bpf+0x1a/0x30
do_syscall_64+0x56/0x100
entry_SYSCALL_64_after_hwframe+0x78/0xe2
BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1
The following syzkaller test case can be used to reproduce:
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x8)
write$nbd(r2, &(0x7f0000000580)=ANY=[], 0x10)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)
r5 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x20})
r6 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x2, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000120000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40)
The cause is that zero pfn is set to the PTE without increasing the RSS
count in mfill_atomic_pte_zeropage() and the refcount of zero folio does
not increase accordingly. Then, the operation on the same pfn is performed
in uprobe_write_opcode()->__replace_page() to unconditional decrease the
RSS count and old_folio's refcount.
Therefore, two bugs are introduced:
1. The RSS count is incorrect, when process exit, the check_mm() report
error "Bad rss-count".
2. The reserved folio (zero folio) is freed when folio->refcount is zero,
then free_pages_prepare->free_page_is_bad() report error
"Bad page state".
There is more, the following warning could also theoretically be triggered:
__replace_page()
-> ...
-> folio_remove_rmap_pte()
-> VM_WARN_ON_FOLIO(is_zero_folio(folio), folio)
Considering that uprobe hit on the zero folio is a very rare case, just
reject zero old folio immediately after get_user_page_vma_remote().
[ mingo: Cleaned up the changelog ]
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2b144498350860b6ee9dc57ff27a93ad488de5dc , < c4cb2bfa99513311886c1eb5c1c2ac26f3338a6e
(git)
Affected: 2b144498350860b6ee9dc57ff27a93ad488de5dc , < 0b6f19714588cf2366b0364234f97ba963688f63 (git) Affected: 2b144498350860b6ee9dc57ff27a93ad488de5dc , < 13cca2b73e2b0ec3ea6d6615d615395621d22752 (git) Affected: 2b144498350860b6ee9dc57ff27a93ad488de5dc , < 54011fc94422f094eaf47555284de70a4bc32bb9 (git) Affected: 2b144498350860b6ee9dc57ff27a93ad488de5dc , < bddf10d26e6e5114e7415a0e442ec6f51a559468 (git) |
|
| Linux | Linux |
Affected:
3.5
Unaffected: 0 , < 3.5 (semver) Unaffected: 6.1.130 , ≤ 6.1.* (semver) Unaffected: 6.6.81 , ≤ 6.6.* (semver) Unaffected: 6.12.18 , ≤ 6.12.* (semver) Unaffected: 6.13.6 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:38:38.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/events/uprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c4cb2bfa99513311886c1eb5c1c2ac26f3338a6e",
"status": "affected",
"version": "2b144498350860b6ee9dc57ff27a93ad488de5dc",
"versionType": "git"
},
{
"lessThan": "0b6f19714588cf2366b0364234f97ba963688f63",
"status": "affected",
"version": "2b144498350860b6ee9dc57ff27a93ad488de5dc",
"versionType": "git"
},
{
"lessThan": "13cca2b73e2b0ec3ea6d6615d615395621d22752",
"status": "affected",
"version": "2b144498350860b6ee9dc57ff27a93ad488de5dc",
"versionType": "git"
},
{
"lessThan": "54011fc94422f094eaf47555284de70a4bc32bb9",
"status": "affected",
"version": "2b144498350860b6ee9dc57ff27a93ad488de5dc",
"versionType": "git"
},
{
"lessThan": "bddf10d26e6e5114e7415a0e442ec6f51a559468",
"status": "affected",
"version": "2b144498350860b6ee9dc57ff27a93ad488de5dc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/events/uprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.5"
},
{
"lessThan": "3.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.130",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.81",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.18",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.6",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: Reject the shared zeropage in uprobe_write_opcode()\n\nWe triggered the following crash in syzkaller tests:\n\n BUG: Bad page state in process syz.7.38 pfn:1eff3\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3\n flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff)\n raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x32/0x50\n bad_page+0x69/0xf0\n free_unref_page_prepare+0x401/0x500\n free_unref_page+0x6d/0x1b0\n uprobe_write_opcode+0x460/0x8e0\n install_breakpoint.part.0+0x51/0x80\n register_for_each_vma+0x1d9/0x2b0\n __uprobe_register+0x245/0x300\n bpf_uprobe_multi_link_attach+0x29b/0x4f0\n link_create+0x1e2/0x280\n __sys_bpf+0x75f/0xac0\n __x64_sys_bpf+0x1a/0x30\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\n BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1\n\nThe following syzkaller test case can be used to reproduce:\n\n r2 = creat(\u0026(0x7f0000000000)=\u0027./file0\\x00\u0027, 0x8)\n write$nbd(r2, \u0026(0x7f0000000580)=ANY=[], 0x10)\n r4 = openat(0xffffffffffffff9c, \u0026(0x7f0000000040)=\u0027./file0\\x00\u0027, 0x42, 0x0)\n mmap$IORING_OFF_SQ_RING(\u0026(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)\n r5 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r5, 0xc018aa3f, \u0026(0x7f0000000040)={0xaa, 0x20})\n r6 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r6, 0xc018aa3f, \u0026(0x7f0000000140))\n ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, \u0026(0x7f0000000100)={{\u0026(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})\n ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, \u0026(0x7f0000000000)={{\u0026(0x7f0000ffd000/0x1000)=nil, 0x1000}})\n r7 = bpf$PROG_LOAD(0x5, \u0026(0x7f0000000140)={0x2, 0x3, \u0026(0x7f0000000200)=ANY=[@ANYBLOB=\"1800000000120000000000000000000095\"], \u0026(0x7f0000000000)=\u0027GPL\\x00\u0027, 0x7, 0x0, 0x0, 0x0, 0x0, \u0027\\x00\u0027, 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)\n bpf$BPF_LINK_CREATE_XDP(0x1c, \u0026(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={\u0026(0x7f0000000080)=\u0027./file0\\x00\u0027, \u0026(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40)\n\nThe cause is that zero pfn is set to the PTE without increasing the RSS\ncount in mfill_atomic_pte_zeropage() and the refcount of zero folio does\nnot increase accordingly. Then, the operation on the same pfn is performed\nin uprobe_write_opcode()-\u003e__replace_page() to unconditional decrease the\nRSS count and old_folio\u0027s refcount.\n\nTherefore, two bugs are introduced:\n\n 1. The RSS count is incorrect, when process exit, the check_mm() report\n error \"Bad rss-count\".\n\n 2. The reserved folio (zero folio) is freed when folio-\u003erefcount is zero,\n then free_pages_prepare-\u003efree_page_is_bad() report error\n \"Bad page state\".\n\nThere is more, the following warning could also theoretically be triggered:\n\n __replace_page()\n -\u003e ...\n -\u003e folio_remove_rmap_pte()\n -\u003e VM_WARN_ON_FOLIO(is_zero_folio(folio), folio)\n\nConsidering that uprobe hit on the zero folio is a very rare case, just\nreject zero old folio immediately after get_user_page_vma_remote().\n\n[ mingo: Cleaned up the changelog ]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:08:19.723Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c4cb2bfa99513311886c1eb5c1c2ac26f3338a6e"
},
{
"url": "https://git.kernel.org/stable/c/0b6f19714588cf2366b0364234f97ba963688f63"
},
{
"url": "https://git.kernel.org/stable/c/13cca2b73e2b0ec3ea6d6615d615395621d22752"
},
{
"url": "https://git.kernel.org/stable/c/54011fc94422f094eaf47555284de70a4bc32bb9"
},
{
"url": "https://git.kernel.org/stable/c/bddf10d26e6e5114e7415a0e442ec6f51a559468"
}
],
"title": "uprobes: Reject the shared zeropage in uprobe_write_opcode()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21881",
"datePublished": "2025-03-27T14:57:10.241Z",
"dateReserved": "2024-12-29T08:45:45.782Z",
"dateUpdated": "2026-05-11T21:08:19.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21887 (GCVE-0-2025-21887)
Vulnerability from cvelistv5 – Published: 2025-03-27 14:57 – Updated: 2026-05-23 15:57
VLAI
EPSS
Title
ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
Summary
In the Linux kernel, the following vulnerability has been resolved:
ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
The issue was caused by dput(upper) being called before
ovl_dentry_update_reval(), while upper->d_flags was still
accessed in ovl_dentry_remote().
Move dput(upper) after its last use to prevent use-after-free.
BUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline]
BUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc3/0x620 mm/kasan/report.c:488
kasan_report+0xd9/0x110 mm/kasan/report.c:601
ovl_dentry_remote fs/overlayfs/util.c:162 [inline]
ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167
ovl_link_up fs/overlayfs/copy_up.c:610 [inline]
ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170
ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223
ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136
vfs_rename+0xf84/0x20a0 fs/namei.c:4893
...
</TASK>
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
714ba10a6dd19752a349e59aa875f3288ccb59b9 , < f77618291836168eca99e89cd175256f928f5e64
(git)
Affected: 62f29ca45f832e281fc14966ac25f6ff3bd121ca , < 4b49d939b5a79117f939b77cc67efae2694d9799 (git) Affected: e4f2a1feebb3f209a0fca82aa53507a5b8be4d53 , < a7c41830ffcd17b2177a95a9b99b270302090c35 (git) Affected: b07d5cc93e1b28df47a72c519d09d0a836043613 , < 64455c8051c3aedc71abb7ec8d47c80301f99f00 (git) Affected: b07d5cc93e1b28df47a72c519d09d0a836043613 , < 3594aad97e7be2557ca9fa9c931b206b604028c8 (git) Affected: b07d5cc93e1b28df47a72c519d09d0a836043613 , < 60b4b5c1277fc491da9e1e7abab307bfa39c2db7 (git) Affected: b07d5cc93e1b28df47a72c519d09d0a836043613 , < c84e125fff2615b4d9c259e762596134eddd2f27 (git) Affected: 33ab4dd6202f359558a0a2678b94d1b9994c17e5 (git) Affected: 1ecdc55e5cd9f70f8d7513802971d4cffb9f77af (git) Affected: 5.10.188 , < 5.10.247 (semver) Affected: 5.15.121 , < 5.15.179 (semver) Affected: 6.1.39 , < 6.1.130 (semver) Affected: 6.3.13 , < 6.4 (semver) Affected: 6.4.4 , < 6.5 (semver) |
|
| Linux | Linux |
Affected:
6.5
Unaffected: 0 , < 6.5 (semver) Unaffected: 5.10.247 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.130 , ≤ 6.1.* (semver) Unaffected: 6.6.81 , ≤ 6.6.* (semver) Unaffected: 6.12.18 , ≤ 6.12.* (semver) Unaffected: 6.13.6 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T16:59:58.510815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T17:08:22.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:38:40.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/overlayfs/copy_up.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f77618291836168eca99e89cd175256f928f5e64",
"status": "affected",
"version": "714ba10a6dd19752a349e59aa875f3288ccb59b9",
"versionType": "git"
},
{
"lessThan": "4b49d939b5a79117f939b77cc67efae2694d9799",
"status": "affected",
"version": "62f29ca45f832e281fc14966ac25f6ff3bd121ca",
"versionType": "git"
},
{
"lessThan": "a7c41830ffcd17b2177a95a9b99b270302090c35",
"status": "affected",
"version": "e4f2a1feebb3f209a0fca82aa53507a5b8be4d53",
"versionType": "git"
},
{
"lessThan": "64455c8051c3aedc71abb7ec8d47c80301f99f00",
"status": "affected",
"version": "b07d5cc93e1b28df47a72c519d09d0a836043613",
"versionType": "git"
},
{
"lessThan": "3594aad97e7be2557ca9fa9c931b206b604028c8",
"status": "affected",
"version": "b07d5cc93e1b28df47a72c519d09d0a836043613",
"versionType": "git"
},
{
"lessThan": "60b4b5c1277fc491da9e1e7abab307bfa39c2db7",
"status": "affected",
"version": "b07d5cc93e1b28df47a72c519d09d0a836043613",
"versionType": "git"
},
{
"lessThan": "c84e125fff2615b4d9c259e762596134eddd2f27",
"status": "affected",
"version": "b07d5cc93e1b28df47a72c519d09d0a836043613",
"versionType": "git"
},
{
"status": "affected",
"version": "33ab4dd6202f359558a0a2678b94d1b9994c17e5",
"versionType": "git"
},
{
"status": "affected",
"version": "1ecdc55e5cd9f70f8d7513802971d4cffb9f77af",
"versionType": "git"
},
{
"lessThan": "5.10.247",
"status": "affected",
"version": "5.10.188",
"versionType": "semver"
},
{
"lessThan": "5.15.179",
"status": "affected",
"version": "5.15.121",
"versionType": "semver"
},
{
"lessThan": "6.1.130",
"status": "affected",
"version": "6.1.39",
"versionType": "semver"
},
{
"lessThan": "6.4",
"status": "affected",
"version": "6.3.13",
"versionType": "semver"
},
{
"lessThan": "6.5",
"status": "affected",
"version": "6.4.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/overlayfs/copy_up.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.247",
"versionStartIncluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.15.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.130",
"versionStartIncluding": "6.1.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.81",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.18",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.6",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up\n\nThe issue was caused by dput(upper) being called before\novl_dentry_update_reval(), while upper-\u003ed_flags was still\naccessed in ovl_dentry_remote().\n\nMove dput(upper) after its last use to prevent use-after-free.\n\nBUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\nBUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\n ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n ovl_link_up fs/overlayfs/copy_up.c:610 [inline]\n ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170\n ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223\n ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136\n vfs_rename+0xf84/0x20a0 fs/namei.c:4893\n...\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:57:20.970Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f77618291836168eca99e89cd175256f928f5e64"
},
{
"url": "https://git.kernel.org/stable/c/4b49d939b5a79117f939b77cc67efae2694d9799"
},
{
"url": "https://git.kernel.org/stable/c/a7c41830ffcd17b2177a95a9b99b270302090c35"
},
{
"url": "https://git.kernel.org/stable/c/64455c8051c3aedc71abb7ec8d47c80301f99f00"
},
{
"url": "https://git.kernel.org/stable/c/3594aad97e7be2557ca9fa9c931b206b604028c8"
},
{
"url": "https://git.kernel.org/stable/c/60b4b5c1277fc491da9e1e7abab307bfa39c2db7"
},
{
"url": "https://git.kernel.org/stable/c/c84e125fff2615b4d9c259e762596134eddd2f27"
}
],
"title": "ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21887",
"datePublished": "2025-03-27T14:57:14.524Z",
"dateReserved": "2024-12-29T08:45:45.782Z",
"dateUpdated": "2026-05-23T15:57:20.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21891 (GCVE-0-2025-21891)
Vulnerability from cvelistv5 – Published: 2025-03-27 14:57 – Updated: 2026-05-11 21:08
VLAI
EPSS
Title
ipvlan: ensure network headers are in skb linear part
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipvlan: ensure network headers are in skb linear part
syzbot found that ipvlan_process_v6_outbound() was assuming
the IPv6 network header isis present in skb->head [1]
Add the needed pskb_network_may_pull() calls for both
IPv4 and IPv6 handlers.
[1]
BUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47
__ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47
ipv6_addr_type include/net/ipv6.h:555 [inline]
ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]
ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651
ip6_route_output include/net/ip6_route.h:93 [inline]
ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476
ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]
ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671
ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223
__netdev_start_xmit include/linux/netdevice.h:5150 [inline]
netdev_start_xmit include/linux/netdevice.h:5159 [inline]
xmit_one net/core/dev.c:3735 [inline]
dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751
sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343
qdisc_restart net/sched/sch_generic.c:408 [inline]
__qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416
qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127
net_tx_action+0x78b/0x940 net/core/dev.c:5484
handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561
__do_softirq+0x14/0x1a kernel/softirq.c:595
do_softirq+0x9a/0x100 kernel/softirq.c:462
__local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]
__dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611
dev_queue_xmit include/linux/netdevice.h:3311 [inline]
packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3132 [inline]
packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164
sock_sendmsg_nosec net/socket.c:718 [inline]
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-908 - Use of Uninitialized Resource
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2ad7bf3638411cb547f2823df08166c13ab04269 , < 5b8dea8d1612dc7151d2457d7d2e6a69820309bf
(git)
Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < 4ec48f812804f370f622e0874e6dd8fcc58241cd (git) Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < 5353fd89663c48f56bdff975c562cfe78b1a2e4c (git) Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < e2a4f76a2d8a44816ecd25bcbdb47b786d621974 (git) Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < 27843ce6ba3d3122b65066550fe33fb8839f8aef (git) |
|
| Linux | Linux |
Affected:
3.19
Unaffected: 0 , < 3.19 (semver) Unaffected: 6.1.130 , ≤ 6.1.* (semver) Unaffected: 6.6.81 , ≤ 6.6.* (semver) Unaffected: 6.12.18 , ≤ 6.12.* (semver) Unaffected: 6.13.6 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21891",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:25:21.205802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:26:36.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:38:41.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ipvlan/ipvlan_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5b8dea8d1612dc7151d2457d7d2e6a69820309bf",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "4ec48f812804f370f622e0874e6dd8fcc58241cd",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "5353fd89663c48f56bdff975c562cfe78b1a2e4c",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "e2a4f76a2d8a44816ecd25bcbdb47b786d621974",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "27843ce6ba3d3122b65066550fe33fb8839f8aef",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ipvlan/ipvlan_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.130",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.81",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.18",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.6",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:08:31.288Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5b8dea8d1612dc7151d2457d7d2e6a69820309bf"
},
{
"url": "https://git.kernel.org/stable/c/4ec48f812804f370f622e0874e6dd8fcc58241cd"
},
{
"url": "https://git.kernel.org/stable/c/5353fd89663c48f56bdff975c562cfe78b1a2e4c"
},
{
"url": "https://git.kernel.org/stable/c/e2a4f76a2d8a44816ecd25bcbdb47b786d621974"
},
{
"url": "https://git.kernel.org/stable/c/27843ce6ba3d3122b65066550fe33fb8839f8aef"
}
],
"title": "ipvlan: ensure network headers are in skb linear part",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21891",
"datePublished": "2025-03-27T14:57:17.267Z",
"dateReserved": "2024-12-29T08:45:45.783Z",
"dateUpdated": "2026-05-11T21:08:31.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21898 (GCVE-0-2025-21898)
Vulnerability from cvelistv5 – Published: 2025-04-01 15:26 – Updated: 2026-05-23 15:57
VLAI
EPSS
Title
ftrace: Avoid potential division by zero in function_stat_show()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Avoid potential division by zero in function_stat_show()
Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64}
produce zero and skip stddev computation in that case.
For now don't care about rec->counter * rec->counter overflow because
rec->time * rec->time overflow will likely happen earlier.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-369 - Divide By Zero
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f0629ee3922f10112584b1898491fecc74d98b3b , < 5b3d32f607f0478b414b16516cf27f9170cf66c8
(git)
Affected: e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d , < ca381f60a3bb7cfaa618d73ca411610bd7fc3149 (git) Affected: e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d , < 3d738b53ed6cddb68e68c9874520a4bf846163b5 (git) Affected: e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d , < 992775227843c9376773784b8b362add44592ad7 (git) Affected: e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d , < f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3 (git) Affected: e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d , < 746cc474a95473591853927b3a9792a2d671155b (git) Affected: e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d , < 9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6 (git) Affected: e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d , < a1a7eb89ca0b89dc1c326eeee2596f263291aca3 (git) Affected: c59e74104cfd7df3ca0b5f59f1baee9c8c28b9ef (git) Affected: 015f0fd0fcc338513f80044add27fa46cf71d217 (git) Affected: 1a2985af2a20b816a5cc41a2ddc1c4109ef6b9c6 (git) Affected: 7650b4b1df091815bbbbb837d308dd4154684f8a (git) Affected: 010a7e846d4beaf34384c40ff18d5de10106d9b4 (git) Affected: 5.4.9 , < 5.4.291 (semver) Affected: 3.16.83 , < 3.17 (semver) Affected: 4.4.209 , < 4.5 (semver) Affected: 4.9.209 , < 4.10 (semver) Affected: 4.14.163 , < 4.15 (semver) Affected: 4.19.94 , < 4.20 (semver) |
|
| Linux | Linux |
Affected:
5.5
Unaffected: 0 , < 5.5 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.130 , ≤ 6.1.* (semver) Unaffected: 6.6.81 , ≤ 6.6.* (semver) Unaffected: 6.12.18 , ≤ 6.12.* (semver) Unaffected: 6.13.6 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T17:18:13.401520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T17:18:15.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:38:44.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5b3d32f607f0478b414b16516cf27f9170cf66c8",
"status": "affected",
"version": "f0629ee3922f10112584b1898491fecc74d98b3b",
"versionType": "git"
},
{
"lessThan": "ca381f60a3bb7cfaa618d73ca411610bd7fc3149",
"status": "affected",
"version": "e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d",
"versionType": "git"
},
{
"lessThan": "3d738b53ed6cddb68e68c9874520a4bf846163b5",
"status": "affected",
"version": "e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d",
"versionType": "git"
},
{
"lessThan": "992775227843c9376773784b8b362add44592ad7",
"status": "affected",
"version": "e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d",
"versionType": "git"
},
{
"lessThan": "f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3",
"status": "affected",
"version": "e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d",
"versionType": "git"
},
{
"lessThan": "746cc474a95473591853927b3a9792a2d671155b",
"status": "affected",
"version": "e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d",
"versionType": "git"
},
{
"lessThan": "9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6",
"status": "affected",
"version": "e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d",
"versionType": "git"
},
{
"lessThan": "a1a7eb89ca0b89dc1c326eeee2596f263291aca3",
"status": "affected",
"version": "e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d",
"versionType": "git"
},
{
"status": "affected",
"version": "c59e74104cfd7df3ca0b5f59f1baee9c8c28b9ef",
"versionType": "git"
},
{
"status": "affected",
"version": "015f0fd0fcc338513f80044add27fa46cf71d217",
"versionType": "git"
},
{
"status": "affected",
"version": "1a2985af2a20b816a5cc41a2ddc1c4109ef6b9c6",
"versionType": "git"
},
{
"status": "affected",
"version": "7650b4b1df091815bbbbb837d308dd4154684f8a",
"versionType": "git"
},
{
"status": "affected",
"version": "010a7e846d4beaf34384c40ff18d5de10106d9b4",
"versionType": "git"
},
{
"lessThan": "5.4.291",
"status": "affected",
"version": "5.4.9",
"versionType": "semver"
},
{
"lessThan": "3.17",
"status": "affected",
"version": "3.16.83",
"versionType": "semver"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "4.4.209",
"versionType": "semver"
},
{
"lessThan": "4.10",
"status": "affected",
"version": "4.9.209",
"versionType": "semver"
},
{
"lessThan": "4.15",
"status": "affected",
"version": "4.14.163",
"versionType": "semver"
},
{
"lessThan": "4.20",
"status": "affected",
"version": "4.19.94",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "5.4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.130",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.81",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.18",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.6",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Avoid potential division by zero in function_stat_show()\n\nCheck whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64}\nproduce zero and skip stddev computation in that case.\n\nFor now don\u0027t care about rec-\u003ecounter * rec-\u003ecounter overflow because\nrec-\u003etime * rec-\u003etime overflow will likely happen earlier."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:57:23.790Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8"
},
{
"url": "https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149"
},
{
"url": "https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5"
},
{
"url": "https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7"
},
{
"url": "https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3"
},
{
"url": "https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b"
},
{
"url": "https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6"
},
{
"url": "https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3"
}
],
"title": "ftrace: Avoid potential division by zero in function_stat_show()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21898",
"datePublished": "2025-04-01T15:26:50.211Z",
"dateReserved": "2024-12-29T08:45:45.783Z",
"dateUpdated": "2026-05-23T15:57:23.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21899 (GCVE-0-2025-21899)
Vulnerability from cvelistv5 – Published: 2025-04-01 15:26 – Updated: 2026-05-11 21:08
VLAI
EPSS
Title
tracing: Fix bad hist from corrupting named_triggers list
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix bad hist from corrupting named_triggers list
The following commands causes a crash:
~# cd /sys/kernel/tracing/events/rcu/rcu_callback
~# echo 'hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)' > trigger
bash: echo: write error: Invalid argument
~# echo 'hist:name=bad:keys=common_pid' > trigger
Because the following occurs:
event_trigger_write() {
trigger_process_regex() {
event_hist_trigger_parse() {
data = event_trigger_alloc(..);
event_trigger_register(.., data) {
cmd_ops->reg(.., data, ..) [hist_register_trigger()] {
data->ops->init() [event_hist_trigger_init()] {
save_named_trigger(name, data) {
list_add(&data->named_list, &named_triggers);
}
}
}
}
ret = create_actions(); (return -EINVAL)
if (ret)
goto out_unreg;
[..]
ret = hist_trigger_enable(data, ...) {
list_add_tail_rcu(&data->list, &file->triggers); <<<---- SKIPPED!!! (this is important!)
[..]
out_unreg:
event_hist_unregister(.., data) {
cmd_ops->unreg(.., data, ..) [hist_unregister_trigger()] {
list_for_each_entry(iter, &file->triggers, list) {
if (!hist_trigger_match(data, iter, named_data, false)) <- never matches
continue;
[..]
test = iter;
}
if (test && test->ops->free) <<<-- test is NULL
test->ops->free(test) [event_hist_trigger_free()] {
[..]
if (data->name)
del_named_trigger(data) {
list_del(&data->named_list); <<<<-- NEVER gets removed!
}
}
}
}
[..]
kfree(data); <<<-- frees item but it is still on list
The next time a hist with name is registered, it causes an u-a-f bug and
the kernel can crash.
Move the code around such that if event_trigger_register() succeeds, the
next thing called is hist_trigger_enable() which adds it to the list.
A bunch of actions is called if get_named_trigger_data() returns false.
But that doesn't need to be called after event_trigger_register(), so it
can be moved up, allowing event_trigger_register() to be called just
before hist_trigger_enable() keeping them together and allowing the
file->triggers to be properly populated.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
067fe038e70f6e64960d26a79c4df5f1413d0f13 , < 5ae1b18f05ee2b849dc03b6c15d7da0c1c6efa77
(git)
Affected: 067fe038e70f6e64960d26a79c4df5f1413d0f13 , < 43b254d46c740bf9dbe65709afa021dd726dfa99 (git) Affected: 067fe038e70f6e64960d26a79c4df5f1413d0f13 , < 435d2964af815aae456db554c62963b4515f19d0 (git) Affected: 067fe038e70f6e64960d26a79c4df5f1413d0f13 , < f1ae50cfb818ce1ac7a674406dfadb7653e2552d (git) Affected: 067fe038e70f6e64960d26a79c4df5f1413d0f13 , < 6f86bdeab633a56d5c6dccf1a2c5989b6a5e323e (git) |
|
| Linux | Linux |
Affected:
4.17
Unaffected: 0 , < 4.17 (semver) Unaffected: 6.1.130 , ≤ 6.1.* (semver) Unaffected: 6.6.81 , ≤ 6.6.* (semver) Unaffected: 6.12.18 , ≤ 6.12.* (semver) Unaffected: 6.13.6 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:38:45.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace_events_hist.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5ae1b18f05ee2b849dc03b6c15d7da0c1c6efa77",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
},
{
"lessThan": "43b254d46c740bf9dbe65709afa021dd726dfa99",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
},
{
"lessThan": "435d2964af815aae456db554c62963b4515f19d0",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
},
{
"lessThan": "f1ae50cfb818ce1ac7a674406dfadb7653e2552d",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
},
{
"lessThan": "6f86bdeab633a56d5c6dccf1a2c5989b6a5e323e",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace_events_hist.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.130",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.81",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.18",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.6",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix bad hist from corrupting named_triggers list\n\nThe following commands causes a crash:\n\n ~# cd /sys/kernel/tracing/events/rcu/rcu_callback\n ~# echo \u0027hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)\u0027 \u003e trigger\n bash: echo: write error: Invalid argument\n ~# echo \u0027hist:name=bad:keys=common_pid\u0027 \u003e trigger\n\nBecause the following occurs:\n\nevent_trigger_write() {\n trigger_process_regex() {\n event_hist_trigger_parse() {\n\n data = event_trigger_alloc(..);\n\n event_trigger_register(.., data) {\n cmd_ops-\u003ereg(.., data, ..) [hist_register_trigger()] {\n data-\u003eops-\u003einit() [event_hist_trigger_init()] {\n save_named_trigger(name, data) {\n list_add(\u0026data-\u003enamed_list, \u0026named_triggers);\n }\n }\n }\n }\n\n ret = create_actions(); (return -EINVAL)\n if (ret)\n goto out_unreg;\n[..]\n ret = hist_trigger_enable(data, ...) {\n list_add_tail_rcu(\u0026data-\u003elist, \u0026file-\u003etriggers); \u003c\u003c\u003c---- SKIPPED!!! (this is important!)\n[..]\n out_unreg:\n event_hist_unregister(.., data) {\n cmd_ops-\u003eunreg(.., data, ..) [hist_unregister_trigger()] {\n list_for_each_entry(iter, \u0026file-\u003etriggers, list) {\n if (!hist_trigger_match(data, iter, named_data, false)) \u003c- never matches\n continue;\n [..]\n test = iter;\n }\n if (test \u0026\u0026 test-\u003eops-\u003efree) \u003c\u003c\u003c-- test is NULL\n\n test-\u003eops-\u003efree(test) [event_hist_trigger_free()] {\n [..]\n if (data-\u003ename)\n del_named_trigger(data) {\n list_del(\u0026data-\u003enamed_list); \u003c\u003c\u003c\u003c-- NEVER gets removed!\n }\n }\n }\n }\n\n [..]\n kfree(data); \u003c\u003c\u003c-- frees item but it is still on list\n\nThe next time a hist with name is registered, it causes an u-a-f bug and\nthe kernel can crash.\n\nMove the code around such that if event_trigger_register() succeeds, the\nnext thing called is hist_trigger_enable() which adds it to the list.\n\nA bunch of actions is called if get_named_trigger_data() returns false.\nBut that doesn\u0027t need to be called after event_trigger_register(), so it\ncan be moved up, allowing event_trigger_register() to be called just\nbefore hist_trigger_enable() keeping them together and allowing the\nfile-\u003etriggers to be properly populated."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:08:40.597Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ae1b18f05ee2b849dc03b6c15d7da0c1c6efa77"
},
{
"url": "https://git.kernel.org/stable/c/43b254d46c740bf9dbe65709afa021dd726dfa99"
},
{
"url": "https://git.kernel.org/stable/c/435d2964af815aae456db554c62963b4515f19d0"
},
{
"url": "https://git.kernel.org/stable/c/f1ae50cfb818ce1ac7a674406dfadb7653e2552d"
},
{
"url": "https://git.kernel.org/stable/c/6f86bdeab633a56d5c6dccf1a2c5989b6a5e323e"
}
],
"title": "tracing: Fix bad hist from corrupting named_triggers list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21899",
"datePublished": "2025-04-01T15:26:50.791Z",
"dateReserved": "2024-12-29T08:45:45.783Z",
"dateUpdated": "2026-05-11T21:08:40.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21904 (GCVE-0-2025-21904)
Vulnerability from cvelistv5 – Published: 2025-04-01 15:40 – Updated: 2026-05-11 21:08
VLAI
EPSS
Title
caif_virtio: fix wrong pointer check in cfv_probe()
Summary
In the Linux kernel, the following vulnerability has been resolved:
caif_virtio: fix wrong pointer check in cfv_probe()
del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked
for NULL before calling it, not cfv->vdev. Also the current implementation
is redundant because the pointer cfv->vdev is dereferenced before it is
checked for NULL.
Fix this by checking cfv->vq_tx for NULL instead of cfv->vdev before
calling del_vqs().
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0d2e1a2926b1839a4b74519e660739b2566c9386 , < 990fff6980d0c1693d60a812f58dbf93eab0473f
(git)
Affected: 0d2e1a2926b1839a4b74519e660739b2566c9386 , < 7b5fe58959822e6cfa884327cabba6be3b01883d (git) Affected: 0d2e1a2926b1839a4b74519e660739b2566c9386 , < 8e4e08ca4cc634b337bb74bc9a70758fdeda0bcb (git) Affected: 0d2e1a2926b1839a4b74519e660739b2566c9386 , < 29e0cd296c87240278e2f7ea4cf3f496b60c03af (git) Affected: 0d2e1a2926b1839a4b74519e660739b2566c9386 , < 90d302619ee7ce5ed0c69c29c290bdccfde66418 (git) Affected: 0d2e1a2926b1839a4b74519e660739b2566c9386 , < 56cddf71cce3b15b078e937fadab29962b6f6643 (git) Affected: 0d2e1a2926b1839a4b74519e660739b2566c9386 , < 597c27e5f04cb50e56cc9aeda75d3e42b6b89c3e (git) Affected: 0d2e1a2926b1839a4b74519e660739b2566c9386 , < a466fd7e9fafd975949e5945e2f70c33a94b1a70 (git) |
|
| Linux | Linux |
Affected:
3.10
Unaffected: 0 , < 3.10 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.131 , ≤ 6.1.* (semver) Unaffected: 6.6.83 , ≤ 6.6.* (semver) Unaffected: 6.12.19 , ≤ 6.12.* (semver) Unaffected: 6.13.7 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:24:28.456354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:26:35.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:38:48.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/caif/caif_virtio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "990fff6980d0c1693d60a812f58dbf93eab0473f",
"status": "affected",
"version": "0d2e1a2926b1839a4b74519e660739b2566c9386",
"versionType": "git"
},
{
"lessThan": "7b5fe58959822e6cfa884327cabba6be3b01883d",
"status": "affected",
"version": "0d2e1a2926b1839a4b74519e660739b2566c9386",
"versionType": "git"
},
{
"lessThan": "8e4e08ca4cc634b337bb74bc9a70758fdeda0bcb",
"status": "affected",
"version": "0d2e1a2926b1839a4b74519e660739b2566c9386",
"versionType": "git"
},
{
"lessThan": "29e0cd296c87240278e2f7ea4cf3f496b60c03af",
"status": "affected",
"version": "0d2e1a2926b1839a4b74519e660739b2566c9386",
"versionType": "git"
},
{
"lessThan": "90d302619ee7ce5ed0c69c29c290bdccfde66418",
"status": "affected",
"version": "0d2e1a2926b1839a4b74519e660739b2566c9386",
"versionType": "git"
},
{
"lessThan": "56cddf71cce3b15b078e937fadab29962b6f6643",
"status": "affected",
"version": "0d2e1a2926b1839a4b74519e660739b2566c9386",
"versionType": "git"
},
{
"lessThan": "597c27e5f04cb50e56cc9aeda75d3e42b6b89c3e",
"status": "affected",
"version": "0d2e1a2926b1839a4b74519e660739b2566c9386",
"versionType": "git"
},
{
"lessThan": "a466fd7e9fafd975949e5945e2f70c33a94b1a70",
"status": "affected",
"version": "0d2e1a2926b1839a4b74519e660739b2566c9386",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/caif/caif_virtio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.131",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.131",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.83",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.19",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.7",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncaif_virtio: fix wrong pointer check in cfv_probe()\n\ndel_vqs() frees virtqueues, therefore cfv-\u003evq_tx pointer should be checked\nfor NULL before calling it, not cfv-\u003evdev. Also the current implementation\nis redundant because the pointer cfv-\u003evdev is dereferenced before it is\nchecked for NULL.\n\nFix this by checking cfv-\u003evq_tx for NULL instead of cfv-\u003evdev before\ncalling del_vqs()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:08:46.568Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/990fff6980d0c1693d60a812f58dbf93eab0473f"
},
{
"url": "https://git.kernel.org/stable/c/7b5fe58959822e6cfa884327cabba6be3b01883d"
},
{
"url": "https://git.kernel.org/stable/c/8e4e08ca4cc634b337bb74bc9a70758fdeda0bcb"
},
{
"url": "https://git.kernel.org/stable/c/29e0cd296c87240278e2f7ea4cf3f496b60c03af"
},
{
"url": "https://git.kernel.org/stable/c/90d302619ee7ce5ed0c69c29c290bdccfde66418"
},
{
"url": "https://git.kernel.org/stable/c/56cddf71cce3b15b078e937fadab29962b6f6643"
},
{
"url": "https://git.kernel.org/stable/c/597c27e5f04cb50e56cc9aeda75d3e42b6b89c3e"
},
{
"url": "https://git.kernel.org/stable/c/a466fd7e9fafd975949e5945e2f70c33a94b1a70"
}
],
"title": "caif_virtio: fix wrong pointer check in cfv_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21904",
"datePublished": "2025-04-01T15:40:45.881Z",
"dateReserved": "2024-12-29T08:45:45.785Z",
"dateUpdated": "2026-05-11T21:08:46.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21905 (GCVE-0-2025-21905)
Vulnerability from cvelistv5 – Published: 2025-04-01 15:40 – Updated: 2026-05-11 21:08
VLAI
EPSS
Title
wifi: iwlwifi: limit printed string from FW file
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: limit printed string from FW file
There's no guarantee here that the file is always with a
NUL-termination, so reading the string may read beyond the
end of the TLV. If that's the last TLV in the file, it can
perhaps even read beyond the end of the file buffer.
Fix that by limiting the print format to the size of the
buffer we have.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
aee1b6385e29e472ae5592b9652b750a29bf702e , < 38f0d398b6d7640d223db69df022c4a232f24774
(git)
Affected: aee1b6385e29e472ae5592b9652b750a29bf702e , < c0e626f2b2390472afac52dfe72b29daf9ed8e1d (git) Affected: aee1b6385e29e472ae5592b9652b750a29bf702e , < 47616b82f2d42ea2060334746fed9a2988d845c9 (git) Affected: aee1b6385e29e472ae5592b9652b750a29bf702e , < 88ed69f924638c7503644e1f8eed1e976f3ffa7a (git) Affected: aee1b6385e29e472ae5592b9652b750a29bf702e , < b02f8d5a71c8571ccf77f285737c566db73ef5e5 (git) Affected: aee1b6385e29e472ae5592b9652b750a29bf702e , < f265e6031d0bc4fc40c4619cb42466722b46eaa9 (git) Affected: aee1b6385e29e472ae5592b9652b750a29bf702e , < 59cdda202829d1d6a095d233386870a59aff986f (git) Affected: aee1b6385e29e472ae5592b9652b750a29bf702e , < e0dc2c1bef722cbf16ae557690861e5f91208129 (git) |
|
| Linux | Linux |
Affected:
5.2
Unaffected: 0 , < 5.2 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.131 , ≤ 6.1.* (semver) Unaffected: 6.6.83 , ≤ 6.6.* (semver) Unaffected: 6.12.19 , ≤ 6.12.* (semver) Unaffected: 6.13.7 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:24:24.171530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:26:34.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:38:51.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "38f0d398b6d7640d223db69df022c4a232f24774",
"status": "affected",
"version": "aee1b6385e29e472ae5592b9652b750a29bf702e",
"versionType": "git"
},
{
"lessThan": "c0e626f2b2390472afac52dfe72b29daf9ed8e1d",
"status": "affected",
"version": "aee1b6385e29e472ae5592b9652b750a29bf702e",
"versionType": "git"
},
{
"lessThan": "47616b82f2d42ea2060334746fed9a2988d845c9",
"status": "affected",
"version": "aee1b6385e29e472ae5592b9652b750a29bf702e",
"versionType": "git"
},
{
"lessThan": "88ed69f924638c7503644e1f8eed1e976f3ffa7a",
"status": "affected",
"version": "aee1b6385e29e472ae5592b9652b750a29bf702e",
"versionType": "git"
},
{
"lessThan": "b02f8d5a71c8571ccf77f285737c566db73ef5e5",
"status": "affected",
"version": "aee1b6385e29e472ae5592b9652b750a29bf702e",
"versionType": "git"
},
{
"lessThan": "f265e6031d0bc4fc40c4619cb42466722b46eaa9",
"status": "affected",
"version": "aee1b6385e29e472ae5592b9652b750a29bf702e",
"versionType": "git"
},
{
"lessThan": "59cdda202829d1d6a095d233386870a59aff986f",
"status": "affected",
"version": "aee1b6385e29e472ae5592b9652b750a29bf702e",
"versionType": "git"
},
{
"lessThan": "e0dc2c1bef722cbf16ae557690861e5f91208129",
"status": "affected",
"version": "aee1b6385e29e472ae5592b9652b750a29bf702e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.131",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.131",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.83",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.19",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.7",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: limit printed string from FW file\n\nThere\u0027s no guarantee here that the file is always with a\nNUL-termination, so reading the string may read beyond the\nend of the TLV. If that\u0027s the last TLV in the file, it can\nperhaps even read beyond the end of the file buffer.\n\nFix that by limiting the print format to the size of the\nbuffer we have."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:08:47.751Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/38f0d398b6d7640d223db69df022c4a232f24774"
},
{
"url": "https://git.kernel.org/stable/c/c0e626f2b2390472afac52dfe72b29daf9ed8e1d"
},
{
"url": "https://git.kernel.org/stable/c/47616b82f2d42ea2060334746fed9a2988d845c9"
},
{
"url": "https://git.kernel.org/stable/c/88ed69f924638c7503644e1f8eed1e976f3ffa7a"
},
{
"url": "https://git.kernel.org/stable/c/b02f8d5a71c8571ccf77f285737c566db73ef5e5"
},
{
"url": "https://git.kernel.org/stable/c/f265e6031d0bc4fc40c4619cb42466722b46eaa9"
},
{
"url": "https://git.kernel.org/stable/c/59cdda202829d1d6a095d233386870a59aff986f"
},
{
"url": "https://git.kernel.org/stable/c/e0dc2c1bef722cbf16ae557690861e5f91208129"
}
],
"title": "wifi: iwlwifi: limit printed string from FW file",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21905",
"datePublished": "2025-04-01T15:40:46.465Z",
"dateReserved": "2024-12-29T08:45:45.785Z",
"dateUpdated": "2026-05-11T21:08:47.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…