Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0605
Vulnerability from certfr_avis - Published: 2025-07-18 - Updated: 2025-07-18
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 20.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 25.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-57981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57981"
},
{
"name": "CVE-2023-52664",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52664"
},
{
"name": "CVE-2024-58010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58010"
},
{
"name": "CVE-2024-57973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57973"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-58069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58069"
},
{
"name": "CVE-2025-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
},
{
"name": "CVE-2025-21731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21731"
},
{
"name": "CVE-2024-58009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58009"
},
{
"name": "CVE-2023-53034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
},
{
"name": "CVE-2025-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21823"
},
{
"name": "CVE-2025-21763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21763"
},
{
"name": "CVE-2025-21922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21922"
},
{
"name": "CVE-2025-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-46787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
},
{
"name": "CVE-2023-52927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52927"
},
{
"name": "CVE-2024-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58058"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2025-39735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
},
{
"name": "CVE-2025-21904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21904"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-21735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21735"
},
{
"name": "CVE-2025-21647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21647"
},
{
"name": "CVE-2024-58063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58063"
},
{
"name": "CVE-2025-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21948"
},
{
"name": "CVE-2025-21753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21753"
},
{
"name": "CVE-2025-21993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21993"
},
{
"name": "CVE-2025-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
},
{
"name": "CVE-2025-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21715"
},
{
"name": "CVE-2025-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21781"
},
{
"name": "CVE-2025-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
},
{
"name": "CVE-2025-21772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
},
{
"name": "CVE-2025-21914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21914"
},
{
"name": "CVE-2024-58007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58007"
},
{
"name": "CVE-2025-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21728"
},
{
"name": "CVE-2024-58090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58090"
},
{
"name": "CVE-2022-49636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
},
{
"name": "CVE-2025-22035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
},
{
"name": "CVE-2025-21764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21764"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2024-58085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58085"
},
{
"name": "CVE-2025-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
},
{
"name": "CVE-2025-21909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21909"
},
{
"name": "CVE-2021-47211",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47211"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2024-58017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58017"
},
{
"name": "CVE-2024-56599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56599"
},
{
"name": "CVE-2025-21910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21910"
},
{
"name": "CVE-2025-21791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21791"
},
{
"name": "CVE-2023-52741",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52741"
},
{
"name": "CVE-2025-21814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21814"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2025-21787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21787"
},
{
"name": "CVE-2025-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
},
{
"name": "CVE-2025-21776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21776"
},
{
"name": "CVE-2025-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21917"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-21736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21736"
},
{
"name": "CVE-2025-21708",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21708"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2025-21760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21760"
},
{
"name": "CVE-2025-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
},
{
"name": "CVE-2025-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21916"
},
{
"name": "CVE-2025-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21925"
},
{
"name": "CVE-2025-21785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
},
{
"name": "CVE-2025-21898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21898"
},
{
"name": "CVE-2024-58051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58051"
},
{
"name": "CVE-2025-21848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21935"
},
{
"name": "CVE-2025-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
},
{
"name": "CVE-2025-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
},
{
"name": "CVE-2025-21862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"name": "CVE-2025-21719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21719"
},
{
"name": "CVE-2025-21718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21718"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2024-58071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58071"
},
{
"name": "CVE-2025-21971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21971"
},
{
"name": "CVE-2025-21806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21806"
},
{
"name": "CVE-2024-57977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2024-56551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56551"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2025-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21934"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2025-22071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
},
{
"name": "CVE-2025-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21762"
},
{
"name": "CVE-2025-21859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-21761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21761"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2024-58020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58020"
},
{
"name": "CVE-2025-21721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21721"
},
{
"name": "CVE-2025-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21877"
},
{
"name": "CVE-2025-21846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
},
{
"name": "CVE-2021-47191",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47191"
},
{
"name": "CVE-2025-21765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
},
{
"name": "CVE-2025-21782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21782"
},
{
"name": "CVE-2025-22063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
},
{
"name": "CVE-2025-21926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21926"
},
{
"name": "CVE-2025-21865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21865"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2024-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26996"
},
{
"name": "CVE-2024-58052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58052"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2025-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21920"
},
{
"name": "CVE-2024-58001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58001"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2025-21858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
},
{
"name": "CVE-2024-26689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26689"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-21749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21749"
},
{
"name": "CVE-2024-58072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58072"
},
{
"name": "CVE-2025-21722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21722"
},
{
"name": "CVE-2024-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
},
{
"name": "CVE-2025-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
},
{
"name": "CVE-2024-58083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58083"
},
{
"name": "CVE-2024-58055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58055"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
},
{
"name": "CVE-2025-22073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
},
{
"name": "CVE-2024-58014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58014"
},
{
"name": "CVE-2025-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
},
{
"name": "CVE-2025-21744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21744"
},
{
"name": "CVE-2024-57986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57986"
},
{
"name": "CVE-2025-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21835"
},
{
"name": "CVE-2025-21811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21811"
}
],
"initial_release_date": "2025-07-18T00:00:00",
"last_revision_date": "2025-07-18T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0605",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7610-3",
"url": "https://ubuntu.com/security/notices/USN-7610-3"
},
{
"published_at": "2025-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7608-6",
"url": "https://ubuntu.com/security/notices/USN-7608-6"
},
{
"published_at": "2025-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7640-1",
"url": "https://ubuntu.com/security/notices/USN-7640-1"
},
{
"published_at": "2025-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7611-3",
"url": "https://ubuntu.com/security/notices/USN-7611-3"
},
{
"published_at": "2025-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7585-7",
"url": "https://ubuntu.com/security/notices/USN-7585-7"
}
]
}
CVE-2025-21722 (GCVE-0-2025-21722)
Vulnerability from cvelistv5 – Published: 2025-02-27 02:07 – Updated: 2026-05-11 21:05
VLAI
EPSS
Title
nilfs2: do not force clear folio if buffer is referenced
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: do not force clear folio if buffer is referenced
Patch series "nilfs2: protect busy buffer heads from being force-cleared".
This series fixes the buffer head state inconsistency issues reported by
syzbot that occurs when the filesystem is corrupted and falls back to
read-only, and the associated buffer head use-after-free issue.
This patch (of 2):
Syzbot has reported that after nilfs2 detects filesystem corruption and
falls back to read-only, inconsistencies in the buffer state may occur.
One of the inconsistencies is that when nilfs2 calls mark_buffer_dirty()
to set a data or metadata buffer as dirty, but it detects that the buffer
is not in the uptodate state:
WARNING: CPU: 0 PID: 6049 at fs/buffer.c:1177 mark_buffer_dirty+0x2e5/0x520
fs/buffer.c:1177
...
Call Trace:
<TASK>
nilfs_palloc_commit_alloc_entry+0x4b/0x160 fs/nilfs2/alloc.c:598
nilfs_ifile_create_inode+0x1dd/0x3a0 fs/nilfs2/ifile.c:73
nilfs_new_inode+0x254/0x830 fs/nilfs2/inode.c:344
nilfs_mkdir+0x10d/0x340 fs/nilfs2/namei.c:218
vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257
do_mkdirat+0x264/0x3a0 fs/namei.c:4280
__do_sys_mkdirat fs/namei.c:4295 [inline]
__se_sys_mkdirat fs/namei.c:4293 [inline]
__x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4293
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The other is when nilfs_btree_propagate(), which propagates the dirty
state to the ancestor nodes of a b-tree that point to a dirty buffer,
detects that the origin buffer is not dirty, even though it should be:
WARNING: CPU: 0 PID: 5245 at fs/nilfs2/btree.c:2089
nilfs_btree_propagate+0xc79/0xdf0 fs/nilfs2/btree.c:2089
...
Call Trace:
<TASK>
nilfs_bmap_propagate+0x75/0x120 fs/nilfs2/bmap.c:345
nilfs_collect_file_data+0x4d/0xd0 fs/nilfs2/segment.c:587
nilfs_segctor_apply_buffers+0x184/0x340 fs/nilfs2/segment.c:1006
nilfs_segctor_scan_file+0x28c/0xa50 fs/nilfs2/segment.c:1045
nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1216 [inline]
nilfs_segctor_collect fs/nilfs2/segment.c:1540 [inline]
nilfs_segctor_do_construct+0x1c28/0x6b90 fs/nilfs2/segment.c:2115
nilfs_segctor_construct+0x181/0x6b0 fs/nilfs2/segment.c:2479
nilfs_segctor_thread_construct fs/nilfs2/segment.c:2587 [inline]
nilfs_segctor_thread+0x69e/0xe80 fs/nilfs2/segment.c:2701
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Both of these issues are caused by the callbacks that handle the
page/folio write requests, forcibly clear various states, including the
working state of the buffers they hold, at unexpected times when they
detect read-only fallback.
Fix these issues by checking if the buffer is referenced before clearing
the page/folio state, and skipping the clear if it is.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8c26c4e2694a163d525976e804d81cd955bbb40c , < 7d0544bacc11d6aa26ecd7debf9353193c7a3328
(git)
Affected: 8c26c4e2694a163d525976e804d81cd955bbb40c , < 4d042811c72f71be7c14726db2c72b67025a7cb5 (git) Affected: 8c26c4e2694a163d525976e804d81cd955bbb40c , < f51ff43c4c5a6c8e72d0aca89e4d5e688938412f (git) Affected: 8c26c4e2694a163d525976e804d81cd955bbb40c , < 19296737024cd220a1d6590bf4c092bca8c99497 (git) Affected: 8c26c4e2694a163d525976e804d81cd955bbb40c , < 1098bb8d52419d262a3358d099a1598a920b730f (git) Affected: 8c26c4e2694a163d525976e804d81cd955bbb40c , < 557ccf5e49f1fb848a29698585bcab2e50a597ef (git) Affected: 8c26c4e2694a163d525976e804d81cd955bbb40c , < ca76bb226bf47ff04c782cacbd299f12ddee1ec1 (git) |
|
| Linux | Linux |
Affected:
3.10
Unaffected: 0 , < 3.10 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.129 , ≤ 6.1.* (semver) Unaffected: 6.12.13 , ≤ 6.12.* (semver) Unaffected: 6.13.2 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:14:37.739187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:30.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:36:21.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/page.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7d0544bacc11d6aa26ecd7debf9353193c7a3328",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "4d042811c72f71be7c14726db2c72b67025a7cb5",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "f51ff43c4c5a6c8e72d0aca89e4d5e688938412f",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "19296737024cd220a1d6590bf4c092bca8c99497",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "1098bb8d52419d262a3358d099a1598a920b730f",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "557ccf5e49f1fb848a29698585bcab2e50a597ef",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
},
{
"lessThan": "ca76bb226bf47ff04c782cacbd299f12ddee1ec1",
"status": "affected",
"version": "8c26c4e2694a163d525976e804d81cd955bbb40c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/page.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: do not force clear folio if buffer is referenced\n\nPatch series \"nilfs2: protect busy buffer heads from being force-cleared\".\n\nThis series fixes the buffer head state inconsistency issues reported by\nsyzbot that occurs when the filesystem is corrupted and falls back to\nread-only, and the associated buffer head use-after-free issue.\n\n\nThis patch (of 2):\n\nSyzbot has reported that after nilfs2 detects filesystem corruption and\nfalls back to read-only, inconsistencies in the buffer state may occur.\n\nOne of the inconsistencies is that when nilfs2 calls mark_buffer_dirty()\nto set a data or metadata buffer as dirty, but it detects that the buffer\nis not in the uptodate state:\n\n WARNING: CPU: 0 PID: 6049 at fs/buffer.c:1177 mark_buffer_dirty+0x2e5/0x520\n fs/buffer.c:1177\n ...\n Call Trace:\n \u003cTASK\u003e\n nilfs_palloc_commit_alloc_entry+0x4b/0x160 fs/nilfs2/alloc.c:598\n nilfs_ifile_create_inode+0x1dd/0x3a0 fs/nilfs2/ifile.c:73\n nilfs_new_inode+0x254/0x830 fs/nilfs2/inode.c:344\n nilfs_mkdir+0x10d/0x340 fs/nilfs2/namei.c:218\n vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257\n do_mkdirat+0x264/0x3a0 fs/namei.c:4280\n __do_sys_mkdirat fs/namei.c:4295 [inline]\n __se_sys_mkdirat fs/namei.c:4293 [inline]\n __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4293\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe other is when nilfs_btree_propagate(), which propagates the dirty\nstate to the ancestor nodes of a b-tree that point to a dirty buffer,\ndetects that the origin buffer is not dirty, even though it should be:\n\n WARNING: CPU: 0 PID: 5245 at fs/nilfs2/btree.c:2089\n nilfs_btree_propagate+0xc79/0xdf0 fs/nilfs2/btree.c:2089\n ...\n Call Trace:\n \u003cTASK\u003e\n nilfs_bmap_propagate+0x75/0x120 fs/nilfs2/bmap.c:345\n nilfs_collect_file_data+0x4d/0xd0 fs/nilfs2/segment.c:587\n nilfs_segctor_apply_buffers+0x184/0x340 fs/nilfs2/segment.c:1006\n nilfs_segctor_scan_file+0x28c/0xa50 fs/nilfs2/segment.c:1045\n nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1216 [inline]\n nilfs_segctor_collect fs/nilfs2/segment.c:1540 [inline]\n nilfs_segctor_do_construct+0x1c28/0x6b90 fs/nilfs2/segment.c:2115\n nilfs_segctor_construct+0x181/0x6b0 fs/nilfs2/segment.c:2479\n nilfs_segctor_thread_construct fs/nilfs2/segment.c:2587 [inline]\n nilfs_segctor_thread+0x69e/0xe80 fs/nilfs2/segment.c:2701\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nBoth of these issues are caused by the callbacks that handle the\npage/folio write requests, forcibly clear various states, including the\nworking state of the buffers they hold, at unexpected times when they\ndetect read-only fallback.\n\nFix these issues by checking if the buffer is referenced before clearing\nthe page/folio state, and skipping the clear if it is."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:05:09.848Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7d0544bacc11d6aa26ecd7debf9353193c7a3328"
},
{
"url": "https://git.kernel.org/stable/c/4d042811c72f71be7c14726db2c72b67025a7cb5"
},
{
"url": "https://git.kernel.org/stable/c/f51ff43c4c5a6c8e72d0aca89e4d5e688938412f"
},
{
"url": "https://git.kernel.org/stable/c/19296737024cd220a1d6590bf4c092bca8c99497"
},
{
"url": "https://git.kernel.org/stable/c/1098bb8d52419d262a3358d099a1598a920b730f"
},
{
"url": "https://git.kernel.org/stable/c/557ccf5e49f1fb848a29698585bcab2e50a597ef"
},
{
"url": "https://git.kernel.org/stable/c/ca76bb226bf47ff04c782cacbd299f12ddee1ec1"
}
],
"title": "nilfs2: do not force clear folio if buffer is referenced",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21722",
"datePublished": "2025-02-27T02:07:30.387Z",
"dateReserved": "2024-12-29T08:45:45.753Z",
"dateUpdated": "2026-05-11T21:05:09.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21728 (GCVE-0-2025-21728)
Vulnerability from cvelistv5 – Published: 2025-02-27 02:07 – Updated: 2026-05-23 15:57
VLAI
EPSS
Title
bpf: Send signals asynchronously if !preemptible
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Send signals asynchronously if !preemptible
BPF programs can execute in all kinds of contexts and when a program
running in a non-preemptible context uses the bpf_send_signal() kfunc,
it will cause issues because this kfunc can sleep.
Change `irqs_disabled()` to `!preemptible()`.
Severity
No CVSS data available.
Assigner
References
12 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
fd29a0242f86b2d95ad666aa9f92a3d0f7bfdab6 , < feba1308bc5e8e04cee751d39fae8a9b407a9034
(git)
Affected: 1bc7896e9ef44fd77858b3ef0b8a6840be3a4494 , < ce51eab2070e295d298f42a2f1db269cd1b56d55 (git) Affected: 1bc7896e9ef44fd77858b3ef0b8a6840be3a4494 , < e306eaaa3d78b462db5f5b11e0171f9d2b6ca3f4 (git) Affected: 1bc7896e9ef44fd77858b3ef0b8a6840be3a4494 , < be42a09fe898635b0093c0c8dac1bfabe225c240 (git) Affected: 1bc7896e9ef44fd77858b3ef0b8a6840be3a4494 , < eeef8e65041a031bd8a747a392c14b76a123a12c (git) Affected: 1bc7896e9ef44fd77858b3ef0b8a6840be3a4494 , < 78b97783496b454435639937db3303e900a24d3f (git) Affected: 1bc7896e9ef44fd77858b3ef0b8a6840be3a4494 , < 092fc76b7ab4163e008f9cde596a58dad2108260 (git) Affected: 1bc7896e9ef44fd77858b3ef0b8a6840be3a4494 , < 87c544108b612512b254c8f79aa5c0a8546e2cc4 (git) Affected: 7930d01afb7281edd9782971e0cca6fe587c7a7b (git) Affected: 5.4.33 , < 5.4.291 (semver) Affected: 5.5.18 , < 5.6 (semver) |
|
| Linux | Linux |
Affected:
5.6
Unaffected: 0 , < 5.6 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.129 , ≤ 6.1.* (semver) Unaffected: 6.6.76 , ≤ 6.6.* (semver) Unaffected: 6.12.13 , ≤ 6.12.* (semver) Unaffected: 6.13.2 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:36:33.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:03:31.992Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/bpf_trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "feba1308bc5e8e04cee751d39fae8a9b407a9034",
"status": "affected",
"version": "fd29a0242f86b2d95ad666aa9f92a3d0f7bfdab6",
"versionType": "git"
},
{
"lessThan": "ce51eab2070e295d298f42a2f1db269cd1b56d55",
"status": "affected",
"version": "1bc7896e9ef44fd77858b3ef0b8a6840be3a4494",
"versionType": "git"
},
{
"lessThan": "e306eaaa3d78b462db5f5b11e0171f9d2b6ca3f4",
"status": "affected",
"version": "1bc7896e9ef44fd77858b3ef0b8a6840be3a4494",
"versionType": "git"
},
{
"lessThan": "be42a09fe898635b0093c0c8dac1bfabe225c240",
"status": "affected",
"version": "1bc7896e9ef44fd77858b3ef0b8a6840be3a4494",
"versionType": "git"
},
{
"lessThan": "eeef8e65041a031bd8a747a392c14b76a123a12c",
"status": "affected",
"version": "1bc7896e9ef44fd77858b3ef0b8a6840be3a4494",
"versionType": "git"
},
{
"lessThan": "78b97783496b454435639937db3303e900a24d3f",
"status": "affected",
"version": "1bc7896e9ef44fd77858b3ef0b8a6840be3a4494",
"versionType": "git"
},
{
"lessThan": "092fc76b7ab4163e008f9cde596a58dad2108260",
"status": "affected",
"version": "1bc7896e9ef44fd77858b3ef0b8a6840be3a4494",
"versionType": "git"
},
{
"lessThan": "87c544108b612512b254c8f79aa5c0a8546e2cc4",
"status": "affected",
"version": "1bc7896e9ef44fd77858b3ef0b8a6840be3a4494",
"versionType": "git"
},
{
"status": "affected",
"version": "7930d01afb7281edd9782971e0cca6fe587c7a7b",
"versionType": "git"
},
{
"lessThan": "5.4.291",
"status": "affected",
"version": "5.4.33",
"versionType": "semver"
},
{
"lessThan": "5.6",
"status": "affected",
"version": "5.5.18",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/bpf_trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "5.4.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:57:02.668Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/feba1308bc5e8e04cee751d39fae8a9b407a9034"
},
{
"url": "https://git.kernel.org/stable/c/ce51eab2070e295d298f42a2f1db269cd1b56d55"
},
{
"url": "https://git.kernel.org/stable/c/e306eaaa3d78b462db5f5b11e0171f9d2b6ca3f4"
},
{
"url": "https://git.kernel.org/stable/c/be42a09fe898635b0093c0c8dac1bfabe225c240"
},
{
"url": "https://git.kernel.org/stable/c/eeef8e65041a031bd8a747a392c14b76a123a12c"
},
{
"url": "https://git.kernel.org/stable/c/78b97783496b454435639937db3303e900a24d3f"
},
{
"url": "https://git.kernel.org/stable/c/092fc76b7ab4163e008f9cde596a58dad2108260"
},
{
"url": "https://git.kernel.org/stable/c/87c544108b612512b254c8f79aa5c0a8546e2cc4"
}
],
"title": "bpf: Send signals asynchronously if !preemptible",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21728",
"datePublished": "2025-02-27T02:07:34.114Z",
"dateReserved": "2024-12-29T08:45:45.755Z",
"dateUpdated": "2026-05-23T15:57:02.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21731 (GCVE-0-2025-21731)
Vulnerability from cvelistv5 – Published: 2025-02-27 02:07 – Updated: 2026-05-11 21:05
VLAI
EPSS
Title
nbd: don't allow reconnect after disconnect
Summary
In the Linux kernel, the following vulnerability has been resolved:
nbd: don't allow reconnect after disconnect
Following process can cause nbd_config UAF:
1) grab nbd_config temporarily;
2) nbd_genl_disconnect() flush all recv_work() and release the
initial reference:
nbd_genl_disconnect
nbd_disconnect_and_put
nbd_disconnect
flush_workqueue(nbd->recv_workq)
if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))
nbd_config_put
-> due to step 1), reference is still not zero
3) nbd_genl_reconfigure() queue recv_work() again;
nbd_genl_reconfigure
config = nbd_get_config_unlocked(nbd)
if (!config)
-> succeed
if (!test_bit(NBD_RT_BOUND, ...))
-> succeed
nbd_reconnect_socket
queue_work(nbd->recv_workq, &args->work)
4) step 1) release the reference;
5) Finially, recv_work() will trigger UAF:
recv_work
nbd_config_put(nbd)
-> nbd_config is freed
atomic_dec(&config->recv_threads)
-> UAF
Fix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so
that nbd_genl_reconfigure() will fail.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b7aa3d39385dc2d95899f9e379623fef446a2acd , < e70a578487a47d7cf058904141e586684d1c3381
(git)
Affected: b7aa3d39385dc2d95899f9e379623fef446a2acd , < 6bef6222a3f6c7adb6396f77f25a3579d821b09a (git) Affected: b7aa3d39385dc2d95899f9e379623fef446a2acd , < e3be8862d73cac833e0fb7602636c19c6cb94b11 (git) Affected: b7aa3d39385dc2d95899f9e379623fef446a2acd , < e7343fa33751cb07c1c56b666bf37cfca357130e (git) Affected: b7aa3d39385dc2d95899f9e379623fef446a2acd , < d208d2c52b652913b5eefc8ca434b0d6b757f68f (git) Affected: b7aa3d39385dc2d95899f9e379623fef446a2acd , < a8ee6ecde2b7bfb58c8a3afe8a9d2b848f580739 (git) Affected: b7aa3d39385dc2d95899f9e379623fef446a2acd , < 9793bd5ae4bdbdb2dde401a3cab94a6bfd05e302 (git) Affected: b7aa3d39385dc2d95899f9e379623fef446a2acd , < 844b8cdc681612ff24df62cdefddeab5772fadf1 (git) |
|
| Linux | Linux |
Affected:
4.12
Unaffected: 0 , < 4.12 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.129 , ≤ 6.1.* (semver) Unaffected: 6.6.76 , ≤ 6.6.* (semver) Unaffected: 6.12.13 , ≤ 6.12.* (semver) Unaffected: 6.13.2 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:58:00.860096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:27.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:36:36.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e70a578487a47d7cf058904141e586684d1c3381",
"status": "affected",
"version": "b7aa3d39385dc2d95899f9e379623fef446a2acd",
"versionType": "git"
},
{
"lessThan": "6bef6222a3f6c7adb6396f77f25a3579d821b09a",
"status": "affected",
"version": "b7aa3d39385dc2d95899f9e379623fef446a2acd",
"versionType": "git"
},
{
"lessThan": "e3be8862d73cac833e0fb7602636c19c6cb94b11",
"status": "affected",
"version": "b7aa3d39385dc2d95899f9e379623fef446a2acd",
"versionType": "git"
},
{
"lessThan": "e7343fa33751cb07c1c56b666bf37cfca357130e",
"status": "affected",
"version": "b7aa3d39385dc2d95899f9e379623fef446a2acd",
"versionType": "git"
},
{
"lessThan": "d208d2c52b652913b5eefc8ca434b0d6b757f68f",
"status": "affected",
"version": "b7aa3d39385dc2d95899f9e379623fef446a2acd",
"versionType": "git"
},
{
"lessThan": "a8ee6ecde2b7bfb58c8a3afe8a9d2b848f580739",
"status": "affected",
"version": "b7aa3d39385dc2d95899f9e379623fef446a2acd",
"versionType": "git"
},
{
"lessThan": "9793bd5ae4bdbdb2dde401a3cab94a6bfd05e302",
"status": "affected",
"version": "b7aa3d39385dc2d95899f9e379623fef446a2acd",
"versionType": "git"
},
{
"lessThan": "844b8cdc681612ff24df62cdefddeab5772fadf1",
"status": "affected",
"version": "b7aa3d39385dc2d95899f9e379623fef446a2acd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:05:20.600Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e70a578487a47d7cf058904141e586684d1c3381"
},
{
"url": "https://git.kernel.org/stable/c/6bef6222a3f6c7adb6396f77f25a3579d821b09a"
},
{
"url": "https://git.kernel.org/stable/c/e3be8862d73cac833e0fb7602636c19c6cb94b11"
},
{
"url": "https://git.kernel.org/stable/c/e7343fa33751cb07c1c56b666bf37cfca357130e"
},
{
"url": "https://git.kernel.org/stable/c/d208d2c52b652913b5eefc8ca434b0d6b757f68f"
},
{
"url": "https://git.kernel.org/stable/c/a8ee6ecde2b7bfb58c8a3afe8a9d2b848f580739"
},
{
"url": "https://git.kernel.org/stable/c/9793bd5ae4bdbdb2dde401a3cab94a6bfd05e302"
},
{
"url": "https://git.kernel.org/stable/c/844b8cdc681612ff24df62cdefddeab5772fadf1"
}
],
"title": "nbd: don\u0027t allow reconnect after disconnect",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21731",
"datePublished": "2025-02-27T02:07:35.927Z",
"dateReserved": "2024-12-29T08:45:45.755Z",
"dateUpdated": "2026-05-11T21:05:20.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21735 (GCVE-0-2025-21735)
Vulnerability from cvelistv5 – Published: 2025-02-27 02:12 – Updated: 2026-05-12 12:03
VLAI
EPSS
Title
NFC: nci: Add bounds checking in nci_hci_create_pipe()
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFC: nci: Add bounds checking in nci_hci_create_pipe()
The "pipe" variable is a u8 which comes from the network. If it's more
than 127, then it results in memory corruption in the caller,
nci_hci_connect_gate().
Severity
No CVSS data available.
Assigner
References
11 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
a1b0b9415817c14d207921582f269d03f848b69f , < bd249109d266f1d52548c46634a15b71656e0d44
(git)
Affected: a1b0b9415817c14d207921582f269d03f848b69f , < 674e17c5933779a8bf5c15d596fdfcb5ccdebbc2 (git) Affected: a1b0b9415817c14d207921582f269d03f848b69f , < 10b3f947b609713e04022101f492d288a014ddfa (git) Affected: a1b0b9415817c14d207921582f269d03f848b69f , < d5a461c315e5ff92657f84d8ba50caa5abf5c22a (git) Affected: a1b0b9415817c14d207921582f269d03f848b69f , < 172cdfc3a5ea20289c58fb73dadc6fd4a8784a4e (git) Affected: a1b0b9415817c14d207921582f269d03f848b69f , < 2ae4bade5a64d126bd18eb66bd419005c5550218 (git) Affected: a1b0b9415817c14d207921582f269d03f848b69f , < 59c7ed20217c0939862fbf8145bc49d5b3a13f4f (git) Affected: a1b0b9415817c14d207921582f269d03f848b69f , < 110b43ef05342d5a11284cc8b21582b698b4ef1c (git) |
|
| Linux | Linux |
Affected:
4.4
Unaffected: 0 , < 4.4 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.129 , ≤ 6.1.* (semver) Unaffected: 6.6.78 , ≤ 6.6.* (semver) Unaffected: 6.12.14 , ≤ 6.12.* (semver) Unaffected: 6.13.3 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:36:40.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:03:33.287Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/hci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bd249109d266f1d52548c46634a15b71656e0d44",
"status": "affected",
"version": "a1b0b9415817c14d207921582f269d03f848b69f",
"versionType": "git"
},
{
"lessThan": "674e17c5933779a8bf5c15d596fdfcb5ccdebbc2",
"status": "affected",
"version": "a1b0b9415817c14d207921582f269d03f848b69f",
"versionType": "git"
},
{
"lessThan": "10b3f947b609713e04022101f492d288a014ddfa",
"status": "affected",
"version": "a1b0b9415817c14d207921582f269d03f848b69f",
"versionType": "git"
},
{
"lessThan": "d5a461c315e5ff92657f84d8ba50caa5abf5c22a",
"status": "affected",
"version": "a1b0b9415817c14d207921582f269d03f848b69f",
"versionType": "git"
},
{
"lessThan": "172cdfc3a5ea20289c58fb73dadc6fd4a8784a4e",
"status": "affected",
"version": "a1b0b9415817c14d207921582f269d03f848b69f",
"versionType": "git"
},
{
"lessThan": "2ae4bade5a64d126bd18eb66bd419005c5550218",
"status": "affected",
"version": "a1b0b9415817c14d207921582f269d03f848b69f",
"versionType": "git"
},
{
"lessThan": "59c7ed20217c0939862fbf8145bc49d5b3a13f4f",
"status": "affected",
"version": "a1b0b9415817c14d207921582f269d03f848b69f",
"versionType": "git"
},
{
"lessThan": "110b43ef05342d5a11284cc8b21582b698b4ef1c",
"status": "affected",
"version": "a1b0b9415817c14d207921582f269d03f848b69f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/hci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.78",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:05:25.663Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bd249109d266f1d52548c46634a15b71656e0d44"
},
{
"url": "https://git.kernel.org/stable/c/674e17c5933779a8bf5c15d596fdfcb5ccdebbc2"
},
{
"url": "https://git.kernel.org/stable/c/10b3f947b609713e04022101f492d288a014ddfa"
},
{
"url": "https://git.kernel.org/stable/c/d5a461c315e5ff92657f84d8ba50caa5abf5c22a"
},
{
"url": "https://git.kernel.org/stable/c/172cdfc3a5ea20289c58fb73dadc6fd4a8784a4e"
},
{
"url": "https://git.kernel.org/stable/c/2ae4bade5a64d126bd18eb66bd419005c5550218"
},
{
"url": "https://git.kernel.org/stable/c/59c7ed20217c0939862fbf8145bc49d5b3a13f4f"
},
{
"url": "https://git.kernel.org/stable/c/110b43ef05342d5a11284cc8b21582b698b4ef1c"
}
],
"title": "NFC: nci: Add bounds checking in nci_hci_create_pipe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21735",
"datePublished": "2025-02-27T02:12:12.202Z",
"dateReserved": "2024-12-29T08:45:45.756Z",
"dateUpdated": "2026-05-12T12:03:33.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21736 (GCVE-0-2025-21736)
Vulnerability from cvelistv5 – Published: 2025-02-27 02:12 – Updated: 2026-05-11 21:05
VLAI
EPSS
Title
nilfs2: fix possible int overflows in nilfs_fiemap()
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix possible int overflows in nilfs_fiemap()
Since nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result
by being prepared to go through potentially maxblocks == INT_MAX blocks,
the value in n may experience an overflow caused by left shift of blkbits.
While it is extremely unlikely to occur, play it safe and cast right hand
expression to wider type to mitigate the issue.
Found by Linux Verification Center (linuxtesting.org) with static analysis
tool SVACE.
Severity
No CVSS data available.
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
622daaff0a8975fb5c5b95f24f3234550ba32e92 , < 7649937987fed51ed09985da4019d50189fc534e
(git)
Affected: 622daaff0a8975fb5c5b95f24f3234550ba32e92 , < 58b1c6881081f5ddfb9a14dc241a74732c0f855c (git) Affected: 622daaff0a8975fb5c5b95f24f3234550ba32e92 , < 8f41df5fd4c11d26e929a85f7239799641f92da7 (git) Affected: 622daaff0a8975fb5c5b95f24f3234550ba32e92 , < f3d80f34f58445355fa27b9579a449fb186aa64e (git) Affected: 622daaff0a8975fb5c5b95f24f3234550ba32e92 , < f2bd0f1ab47822fe5bd699c8458b896c4b2edea1 (git) Affected: 622daaff0a8975fb5c5b95f24f3234550ba32e92 , < b9495a9109abc31d3170f7aad7d48aa64610a1a2 (git) Affected: 622daaff0a8975fb5c5b95f24f3234550ba32e92 , < 250423300b4b0335918be187ef3cade248c06e6a (git) Affected: 622daaff0a8975fb5c5b95f24f3234550ba32e92 , < 6438ef381c183444f7f9d1de18f22661cba1e946 (git) |
|
| Linux | Linux |
Affected:
2.6.38
Unaffected: 0 , < 2.6.38 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.129 , ≤ 6.1.* (semver) Unaffected: 6.6.78 , ≤ 6.6.* (semver) Unaffected: 6.12.14 , ≤ 6.12.* (semver) Unaffected: 6.13.3 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:36:43.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7649937987fed51ed09985da4019d50189fc534e",
"status": "affected",
"version": "622daaff0a8975fb5c5b95f24f3234550ba32e92",
"versionType": "git"
},
{
"lessThan": "58b1c6881081f5ddfb9a14dc241a74732c0f855c",
"status": "affected",
"version": "622daaff0a8975fb5c5b95f24f3234550ba32e92",
"versionType": "git"
},
{
"lessThan": "8f41df5fd4c11d26e929a85f7239799641f92da7",
"status": "affected",
"version": "622daaff0a8975fb5c5b95f24f3234550ba32e92",
"versionType": "git"
},
{
"lessThan": "f3d80f34f58445355fa27b9579a449fb186aa64e",
"status": "affected",
"version": "622daaff0a8975fb5c5b95f24f3234550ba32e92",
"versionType": "git"
},
{
"lessThan": "f2bd0f1ab47822fe5bd699c8458b896c4b2edea1",
"status": "affected",
"version": "622daaff0a8975fb5c5b95f24f3234550ba32e92",
"versionType": "git"
},
{
"lessThan": "b9495a9109abc31d3170f7aad7d48aa64610a1a2",
"status": "affected",
"version": "622daaff0a8975fb5c5b95f24f3234550ba32e92",
"versionType": "git"
},
{
"lessThan": "250423300b4b0335918be187ef3cade248c06e6a",
"status": "affected",
"version": "622daaff0a8975fb5c5b95f24f3234550ba32e92",
"versionType": "git"
},
{
"lessThan": "6438ef381c183444f7f9d1de18f22661cba1e946",
"status": "affected",
"version": "622daaff0a8975fb5c5b95f24f3234550ba32e92",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.78",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:05:26.846Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7649937987fed51ed09985da4019d50189fc534e"
},
{
"url": "https://git.kernel.org/stable/c/58b1c6881081f5ddfb9a14dc241a74732c0f855c"
},
{
"url": "https://git.kernel.org/stable/c/8f41df5fd4c11d26e929a85f7239799641f92da7"
},
{
"url": "https://git.kernel.org/stable/c/f3d80f34f58445355fa27b9579a449fb186aa64e"
},
{
"url": "https://git.kernel.org/stable/c/f2bd0f1ab47822fe5bd699c8458b896c4b2edea1"
},
{
"url": "https://git.kernel.org/stable/c/b9495a9109abc31d3170f7aad7d48aa64610a1a2"
},
{
"url": "https://git.kernel.org/stable/c/250423300b4b0335918be187ef3cade248c06e6a"
},
{
"url": "https://git.kernel.org/stable/c/6438ef381c183444f7f9d1de18f22661cba1e946"
}
],
"title": "nilfs2: fix possible int overflows in nilfs_fiemap()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21736",
"datePublished": "2025-02-27T02:12:12.871Z",
"dateReserved": "2024-12-29T08:45:45.756Z",
"dateUpdated": "2026-05-11T21:05:26.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21744 (GCVE-0-2025-21744)
Vulnerability from cvelistv5 – Published: 2025-02-27 02:12 – Updated: 2026-05-23 15:57
VLAI
EPSS
Title
wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
On removal of the device or unloading of the kernel module a potential NULL
pointer dereference occurs.
The following sequence deletes the interface:
brcmf_detach()
brcmf_remove_interface()
brcmf_del_if()
Inside the brcmf_del_if() function the drvr->if2bss[ifidx] is updated to
BRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.
After brcmf_remove_interface() call the brcmf_proto_detach() function is
called providing the following sequence:
brcmf_detach()
brcmf_proto_detach()
brcmf_proto_msgbuf_detach()
brcmf_flowring_detach()
brcmf_msgbuf_delete_flowring()
brcmf_msgbuf_remove_flowring()
brcmf_flowring_delete()
brcmf_get_ifp()
brcmf_txfinalize()
Since brcmf_get_ip() can and actually will return NULL in this case the
call to brcmf_txfinalize() will result in a NULL pointer dereference inside
brcmf_txfinalize() when trying to update ifp->ndev->stats.tx_errors.
This will only happen if a flowring still has an skb.
Although the NULL pointer dereference has only been seen when trying to
update the tx statistic, all other uses of the ifp pointer have been
guarded as well with an early return if ifp is NULL.
Severity
No CVSS data available.
Assigner
References
11 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
7f00ee2bbc630900ba16fc2690473f3e2db0e264 , < 2326e19190e176fd72bb542b837a9d2b7fcb8693
(git)
Affected: 7f00ee2bbc630900ba16fc2690473f3e2db0e264 , < 59ff4fa653ff6db07c61152516ffba79c2a74bda (git) Affected: 7f00ee2bbc630900ba16fc2690473f3e2db0e264 , < 61541d9b5a23df33934fcc620a3a81f246b1b240 (git) Affected: 7f00ee2bbc630900ba16fc2690473f3e2db0e264 , < 4e51d6d093e763348916e69d06d87e0a5593661b (git) Affected: 7f00ee2bbc630900ba16fc2690473f3e2db0e264 , < 3877fc67bd3d5566cc12763bce39710ceb74a97d (git) Affected: 7f00ee2bbc630900ba16fc2690473f3e2db0e264 , < fbbfef2a5b858eab55741a58b2ac9a0cc8d53c58 (git) Affected: 7f00ee2bbc630900ba16fc2690473f3e2db0e264 , < a2beefc4fa49ebc22e664dc6b39dbd054f8488f9 (git) Affected: 7f00ee2bbc630900ba16fc2690473f3e2db0e264 , < 68abd0c4ebf24cd499841a488b97a6873d5efabb (git) Affected: 6faa698c35a43b9e74ea24e90fe37471d08d00d0 (git) Affected: 9119232cc92a269d7860b4aa51f07d3923a3cc10 (git) Affected: 4.7.10 , < 4.8 (semver) Affected: 4.8.4 , < 4.9 (semver) |
|
| Linux | Linux |
Affected:
4.9
Unaffected: 0 , < 4.9 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.129 , ≤ 6.1.* (semver) Unaffected: 6.6.78 , ≤ 6.6.* (semver) Unaffected: 6.12.14 , ≤ 6.12.* (semver) Unaffected: 6.13.3 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:36:47.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:03:34.427Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2326e19190e176fd72bb542b837a9d2b7fcb8693",
"status": "affected",
"version": "7f00ee2bbc630900ba16fc2690473f3e2db0e264",
"versionType": "git"
},
{
"lessThan": "59ff4fa653ff6db07c61152516ffba79c2a74bda",
"status": "affected",
"version": "7f00ee2bbc630900ba16fc2690473f3e2db0e264",
"versionType": "git"
},
{
"lessThan": "61541d9b5a23df33934fcc620a3a81f246b1b240",
"status": "affected",
"version": "7f00ee2bbc630900ba16fc2690473f3e2db0e264",
"versionType": "git"
},
{
"lessThan": "4e51d6d093e763348916e69d06d87e0a5593661b",
"status": "affected",
"version": "7f00ee2bbc630900ba16fc2690473f3e2db0e264",
"versionType": "git"
},
{
"lessThan": "3877fc67bd3d5566cc12763bce39710ceb74a97d",
"status": "affected",
"version": "7f00ee2bbc630900ba16fc2690473f3e2db0e264",
"versionType": "git"
},
{
"lessThan": "fbbfef2a5b858eab55741a58b2ac9a0cc8d53c58",
"status": "affected",
"version": "7f00ee2bbc630900ba16fc2690473f3e2db0e264",
"versionType": "git"
},
{
"lessThan": "a2beefc4fa49ebc22e664dc6b39dbd054f8488f9",
"status": "affected",
"version": "7f00ee2bbc630900ba16fc2690473f3e2db0e264",
"versionType": "git"
},
{
"lessThan": "68abd0c4ebf24cd499841a488b97a6873d5efabb",
"status": "affected",
"version": "7f00ee2bbc630900ba16fc2690473f3e2db0e264",
"versionType": "git"
},
{
"status": "affected",
"version": "6faa698c35a43b9e74ea24e90fe37471d08d00d0",
"versionType": "git"
},
{
"status": "affected",
"version": "9119232cc92a269d7860b4aa51f07d3923a3cc10",
"versionType": "git"
},
{
"lessThan": "4.8",
"status": "affected",
"version": "4.7.10",
"versionType": "semver"
},
{
"lessThan": "4.9",
"status": "affected",
"version": "4.8.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.78",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:57:03.732Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2326e19190e176fd72bb542b837a9d2b7fcb8693"
},
{
"url": "https://git.kernel.org/stable/c/59ff4fa653ff6db07c61152516ffba79c2a74bda"
},
{
"url": "https://git.kernel.org/stable/c/61541d9b5a23df33934fcc620a3a81f246b1b240"
},
{
"url": "https://git.kernel.org/stable/c/4e51d6d093e763348916e69d06d87e0a5593661b"
},
{
"url": "https://git.kernel.org/stable/c/3877fc67bd3d5566cc12763bce39710ceb74a97d"
},
{
"url": "https://git.kernel.org/stable/c/fbbfef2a5b858eab55741a58b2ac9a0cc8d53c58"
},
{
"url": "https://git.kernel.org/stable/c/a2beefc4fa49ebc22e664dc6b39dbd054f8488f9"
},
{
"url": "https://git.kernel.org/stable/c/68abd0c4ebf24cd499841a488b97a6873d5efabb"
}
],
"title": "wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21744",
"datePublished": "2025-02-27T02:12:17.259Z",
"dateReserved": "2024-12-29T08:45:45.757Z",
"dateUpdated": "2026-05-23T15:57:03.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21749 (GCVE-0-2025-21749)
Vulnerability from cvelistv5 – Published: 2025-02-27 02:12 – Updated: 2026-05-11 21:05
VLAI
EPSS
Title
net: rose: lock the socket in rose_bind()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: rose: lock the socket in rose_bind()
syzbot reported a soft lockup in rose_loopback_timer(),
with a repro calling bind() from multiple threads.
rose_bind() must lock the socket to avoid this issue.
Severity
No CVSS data available.
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b8bf5c3fb778bbb1f3ff7d98ec577c969f687513
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ed00c5f907d08a647b8bf987514ad8c6b17971a7 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d308661a0f4e7c8e86dfc7074a55ee5894c61538 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 667f61b3498df751c8b3f0be1637e7226cbe3ed0 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e0384efd45f615603e6869205b72040c209e69cc (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 970cd2ed26cdab2b0f15b6d90d7eaa36538244a5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4c04b0ab3a647e76d0e752b013de8e404abafc63 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a1300691aed9ee852b0a9192e29e2bdc2411a7e6 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.129 , ≤ 6.1.* (semver) Unaffected: 6.6.78 , ≤ 6.6.* (semver) Unaffected: 6.12.14 , ≤ 6.12.* (semver) Unaffected: 6.13.3 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:36:54.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/rose/af_rose.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b8bf5c3fb778bbb1f3ff7d98ec577c969f687513",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ed00c5f907d08a647b8bf987514ad8c6b17971a7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d308661a0f4e7c8e86dfc7074a55ee5894c61538",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "667f61b3498df751c8b3f0be1637e7226cbe3ed0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e0384efd45f615603e6869205b72040c209e69cc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "970cd2ed26cdab2b0f15b6d90d7eaa36538244a5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4c04b0ab3a647e76d0e752b013de8e404abafc63",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a1300691aed9ee852b0a9192e29e2bdc2411a7e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/rose/af_rose.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.78",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:05:41.256Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b8bf5c3fb778bbb1f3ff7d98ec577c969f687513"
},
{
"url": "https://git.kernel.org/stable/c/ed00c5f907d08a647b8bf987514ad8c6b17971a7"
},
{
"url": "https://git.kernel.org/stable/c/d308661a0f4e7c8e86dfc7074a55ee5894c61538"
},
{
"url": "https://git.kernel.org/stable/c/667f61b3498df751c8b3f0be1637e7226cbe3ed0"
},
{
"url": "https://git.kernel.org/stable/c/e0384efd45f615603e6869205b72040c209e69cc"
},
{
"url": "https://git.kernel.org/stable/c/970cd2ed26cdab2b0f15b6d90d7eaa36538244a5"
},
{
"url": "https://git.kernel.org/stable/c/4c04b0ab3a647e76d0e752b013de8e404abafc63"
},
{
"url": "https://git.kernel.org/stable/c/a1300691aed9ee852b0a9192e29e2bdc2411a7e6"
}
],
"title": "net: rose: lock the socket in rose_bind()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21749",
"datePublished": "2025-02-27T02:12:20.305Z",
"dateReserved": "2024-12-29T08:45:45.758Z",
"dateUpdated": "2026-05-11T21:05:41.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21753 (GCVE-0-2025-21753)
Vulnerability from cvelistv5 – Published: 2025-02-27 02:12 – Updated: 2026-05-12 12:03
VLAI
EPSS
Title
btrfs: fix use-after-free when attempting to join an aborted transaction
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free when attempting to join an aborted transaction
When we are trying to join the current transaction and if it's aborted,
we read its 'aborted' field after unlocking fs_info->trans_lock and
without holding any extra reference count on it. This means that a
concurrent task that is aborting the transaction may free the transaction
before we read its 'aborted' field, leading to a use-after-free.
Fix this by reading the 'aborted' field while holding fs_info->trans_lock
since any freeing task must first acquire that lock and set
fs_info->running_transaction to NULL before freeing the transaction.
This was reported by syzbot and Dmitry with the following stack traces
from KASAN:
==================================================================
BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278
Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128
CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound btrfs_async_reclaim_data_space
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0x169/0x550 mm/kasan/report.c:489
kasan_report+0x143/0x180 mm/kasan/report.c:602
join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278
start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697
flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803
btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Allocated by task 5315:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
kasan_kmalloc include/linux/kasan.h:260 [inline]
__kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329
kmalloc_noprof include/linux/slab.h:901 [inline]
join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308
start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697
btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572
lookup_open fs/namei.c:3649 [inline]
open_last_lookups fs/namei.c:3748 [inline]
path_openat+0x1c03/0x3590 fs/namei.c:3984
do_filp_open+0x27f/0x4e0 fs/namei.c:4014
do_sys_openat2+0x13e/0x1d0 fs/open.c:1402
do_sys_open fs/open.c:1417 [inline]
__do_sys_creat fs/open.c:1495 [inline]
__se_sys_creat fs/open.c:1489 [inline]
__x64_sys_creat+0x123/0x170 fs/open.c:1489
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Freed by task 5336:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582
poison_slab_object mm/kasan/common.c:247 [inline]
__kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
kasan_slab_free include/linux/kasan.h:233 [inline]
slab_free_hook mm/slub.c:2353 [inline]
slab_free mm/slub.c:4613 [inline]
kfree+0x196/0x430 mm/slub.c:4761
cleanup_transaction fs/btrfs/transaction.c:2063 [inline]
btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598
insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757
btrfs_balance+0x992/
---truncated---
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
11 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
871383be592ba7e819d27556591e315a0df38cee , < cee55b1219568c80bf0d5dc55066e4a859baf753
(git)
Affected: 871383be592ba7e819d27556591e315a0df38cee , < c7a53757717e68af94a56929d57f1e6daff220ec (git) Affected: 871383be592ba7e819d27556591e315a0df38cee , < 7e954b6bb95d67ae4d1a20e9cfd83c182cf929bc (git) Affected: 871383be592ba7e819d27556591e315a0df38cee , < 6ba4663ada6c6315af23a6669d386146634808ec (git) Affected: 871383be592ba7e819d27556591e315a0df38cee , < 8f5cff471039caa2b088060c074c2bf2081bcb01 (git) Affected: 871383be592ba7e819d27556591e315a0df38cee , < 86d71a026a7f63da905db9add845c8ee88801eca (git) Affected: 871383be592ba7e819d27556591e315a0df38cee , < ce628048390dad80320d5a1f74de6ca1e1be91e7 (git) Affected: 871383be592ba7e819d27556591e315a0df38cee , < e2f0943cf37305dbdeaf9846e3c941451bcdef63 (git) |
|
| Linux | Linux |
Affected:
3.4
Unaffected: 0 , < 3.4 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.129 , ≤ 6.1.* (semver) Unaffected: 6.6.78 , ≤ 6.6.* (semver) Unaffected: 6.12.14 , ≤ 6.12.* (semver) Unaffected: 6.13.3 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:14:22.911957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:29.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:36:58.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:03:36.932Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/transaction.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cee55b1219568c80bf0d5dc55066e4a859baf753",
"status": "affected",
"version": "871383be592ba7e819d27556591e315a0df38cee",
"versionType": "git"
},
{
"lessThan": "c7a53757717e68af94a56929d57f1e6daff220ec",
"status": "affected",
"version": "871383be592ba7e819d27556591e315a0df38cee",
"versionType": "git"
},
{
"lessThan": "7e954b6bb95d67ae4d1a20e9cfd83c182cf929bc",
"status": "affected",
"version": "871383be592ba7e819d27556591e315a0df38cee",
"versionType": "git"
},
{
"lessThan": "6ba4663ada6c6315af23a6669d386146634808ec",
"status": "affected",
"version": "871383be592ba7e819d27556591e315a0df38cee",
"versionType": "git"
},
{
"lessThan": "8f5cff471039caa2b088060c074c2bf2081bcb01",
"status": "affected",
"version": "871383be592ba7e819d27556591e315a0df38cee",
"versionType": "git"
},
{
"lessThan": "86d71a026a7f63da905db9add845c8ee88801eca",
"status": "affected",
"version": "871383be592ba7e819d27556591e315a0df38cee",
"versionType": "git"
},
{
"lessThan": "ce628048390dad80320d5a1f74de6ca1e1be91e7",
"status": "affected",
"version": "871383be592ba7e819d27556591e315a0df38cee",
"versionType": "git"
},
{
"lessThan": "e2f0943cf37305dbdeaf9846e3c941451bcdef63",
"status": "affected",
"version": "871383be592ba7e819d27556591e315a0df38cee",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/transaction.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.4"
},
{
"lessThan": "3.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.78",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:05:45.922Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cee55b1219568c80bf0d5dc55066e4a859baf753"
},
{
"url": "https://git.kernel.org/stable/c/c7a53757717e68af94a56929d57f1e6daff220ec"
},
{
"url": "https://git.kernel.org/stable/c/7e954b6bb95d67ae4d1a20e9cfd83c182cf929bc"
},
{
"url": "https://git.kernel.org/stable/c/6ba4663ada6c6315af23a6669d386146634808ec"
},
{
"url": "https://git.kernel.org/stable/c/8f5cff471039caa2b088060c074c2bf2081bcb01"
},
{
"url": "https://git.kernel.org/stable/c/86d71a026a7f63da905db9add845c8ee88801eca"
},
{
"url": "https://git.kernel.org/stable/c/ce628048390dad80320d5a1f74de6ca1e1be91e7"
},
{
"url": "https://git.kernel.org/stable/c/e2f0943cf37305dbdeaf9846e3c941451bcdef63"
}
],
"title": "btrfs: fix use-after-free when attempting to join an aborted transaction",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21753",
"datePublished": "2025-02-27T02:12:23.235Z",
"dateReserved": "2024-12-29T08:45:45.760Z",
"dateUpdated": "2026-05-12T12:03:36.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21760 (GCVE-0-2025-21760)
Vulnerability from cvelistv5 – Published: 2025-02-27 02:18 – Updated: 2026-05-12 12:03
VLAI
EPSS
Title
ndisc: extend RCU protection in ndisc_send_skb()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ndisc: extend RCU protection in ndisc_send_skb()
ndisc_send_skb() can be called without RTNL or RCU held.
Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu()
and avoid a potential UAF.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
11 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1762f7e88eb34f653b4a915be99a102e347dd45e , < 10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1
(git)
Affected: 1762f7e88eb34f653b4a915be99a102e347dd45e , < 4d576202b90b1b95a7c428a80b536f91b8201bcc (git) Affected: 1762f7e88eb34f653b4a915be99a102e347dd45e , < e24d225e4cb8cf108bde00b76594499b98f0a74d (git) Affected: 1762f7e88eb34f653b4a915be99a102e347dd45e , < a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d (git) Affected: 1762f7e88eb34f653b4a915be99a102e347dd45e , < ae38982f521621c216fc2f5182cd091f4734641d (git) Affected: 1762f7e88eb34f653b4a915be99a102e347dd45e , < 789230e5a8c1097301afc802e242c79bc8835c67 (git) Affected: 1762f7e88eb34f653b4a915be99a102e347dd45e , < 04e05112f10354ffc3bb6cc796d553bab161594c (git) Affected: 1762f7e88eb34f653b4a915be99a102e347dd45e , < ed6ae1f325d3c43966ec1b62ac1459e2b8e45640 (git) |
|
| Linux | Linux |
Affected:
2.6.26
Unaffected: 0 , < 2.6.26 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.129 , ≤ 6.1.* (semver) Unaffected: 6.6.79 , ≤ 6.6.* (semver) Unaffected: 6.12.16 , ≤ 6.12.* (semver) Unaffected: 6.13.4 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:57:40.416234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:27.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:37:05.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:03:40.715Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ndisc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1",
"status": "affected",
"version": "1762f7e88eb34f653b4a915be99a102e347dd45e",
"versionType": "git"
},
{
"lessThan": "4d576202b90b1b95a7c428a80b536f91b8201bcc",
"status": "affected",
"version": "1762f7e88eb34f653b4a915be99a102e347dd45e",
"versionType": "git"
},
{
"lessThan": "e24d225e4cb8cf108bde00b76594499b98f0a74d",
"status": "affected",
"version": "1762f7e88eb34f653b4a915be99a102e347dd45e",
"versionType": "git"
},
{
"lessThan": "a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d",
"status": "affected",
"version": "1762f7e88eb34f653b4a915be99a102e347dd45e",
"versionType": "git"
},
{
"lessThan": "ae38982f521621c216fc2f5182cd091f4734641d",
"status": "affected",
"version": "1762f7e88eb34f653b4a915be99a102e347dd45e",
"versionType": "git"
},
{
"lessThan": "789230e5a8c1097301afc802e242c79bc8835c67",
"status": "affected",
"version": "1762f7e88eb34f653b4a915be99a102e347dd45e",
"versionType": "git"
},
{
"lessThan": "04e05112f10354ffc3bb6cc796d553bab161594c",
"status": "affected",
"version": "1762f7e88eb34f653b4a915be99a102e347dd45e",
"versionType": "git"
},
{
"lessThan": "ed6ae1f325d3c43966ec1b62ac1459e2b8e45640",
"status": "affected",
"version": "1762f7e88eb34f653b4a915be99a102e347dd45e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ndisc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.79",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.16",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.4",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "2.6.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:05:51.984Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1"
},
{
"url": "https://git.kernel.org/stable/c/4d576202b90b1b95a7c428a80b536f91b8201bcc"
},
{
"url": "https://git.kernel.org/stable/c/e24d225e4cb8cf108bde00b76594499b98f0a74d"
},
{
"url": "https://git.kernel.org/stable/c/a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d"
},
{
"url": "https://git.kernel.org/stable/c/ae38982f521621c216fc2f5182cd091f4734641d"
},
{
"url": "https://git.kernel.org/stable/c/789230e5a8c1097301afc802e242c79bc8835c67"
},
{
"url": "https://git.kernel.org/stable/c/04e05112f10354ffc3bb6cc796d553bab161594c"
},
{
"url": "https://git.kernel.org/stable/c/ed6ae1f325d3c43966ec1b62ac1459e2b8e45640"
}
],
"title": "ndisc: extend RCU protection in ndisc_send_skb()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21760",
"datePublished": "2025-02-27T02:18:13.496Z",
"dateReserved": "2024-12-29T08:45:45.761Z",
"dateUpdated": "2026-05-12T12:03:40.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21761 (GCVE-0-2025-21761)
Vulnerability from cvelistv5 – Published: 2025-02-27 02:18 – Updated: 2026-05-12 12:03
VLAI
EPSS
Title
openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
Summary
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
ovs_vport_cmd_fill_info() can be called without RTNL or RCU.
Use RCU protection and dev_net_rcu() to avoid potential UAF.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
11 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
9354d452034273a50a4fd703bea31e5d6b1fc20b , < e85a25d1a9985645e796039e843d1de581d2de1e
(git)
Affected: 9354d452034273a50a4fd703bea31e5d6b1fc20b , < a8816b3f1f151373fd30f1996f00480126c8bb11 (git) Affected: 9354d452034273a50a4fd703bea31e5d6b1fc20b , < a884f57600e463f69d7b279c4598b865260b62a1 (git) Affected: 9354d452034273a50a4fd703bea31e5d6b1fc20b , < 7e01abc34e87abd091e619161a20f54ed4e3e2da (git) Affected: 9354d452034273a50a4fd703bea31e5d6b1fc20b , < 8ec57509c36c8b9a23e50b7858dda0c520a2d074 (git) Affected: 9354d452034273a50a4fd703bea31e5d6b1fc20b , < a849a10de5e04d798f7f286a2f1ca174719a617a (git) Affected: 9354d452034273a50a4fd703bea31e5d6b1fc20b , < 5828937742af74666192835d657095d95c53dbd0 (git) Affected: 9354d452034273a50a4fd703bea31e5d6b1fc20b , < 90b2f49a502fa71090d9f4fe29a2f51fe5dff76d (git) |
|
| Linux | Linux |
Affected:
4.15
Unaffected: 0 , < 4.15 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.179 , ≤ 5.15.* (semver) Unaffected: 6.1.129 , ≤ 6.1.* (semver) Unaffected: 6.6.79 , ≤ 6.6.* (semver) Unaffected: 6.12.16 , ≤ 6.12.* (semver) Unaffected: 6.13.4 , ≤ 6.13.* (semver) Unaffected: 6.14 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:57:35.920303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:27.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:37:08.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:03:41.909Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/openvswitch/datapath.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e85a25d1a9985645e796039e843d1de581d2de1e",
"status": "affected",
"version": "9354d452034273a50a4fd703bea31e5d6b1fc20b",
"versionType": "git"
},
{
"lessThan": "a8816b3f1f151373fd30f1996f00480126c8bb11",
"status": "affected",
"version": "9354d452034273a50a4fd703bea31e5d6b1fc20b",
"versionType": "git"
},
{
"lessThan": "a884f57600e463f69d7b279c4598b865260b62a1",
"status": "affected",
"version": "9354d452034273a50a4fd703bea31e5d6b1fc20b",
"versionType": "git"
},
{
"lessThan": "7e01abc34e87abd091e619161a20f54ed4e3e2da",
"status": "affected",
"version": "9354d452034273a50a4fd703bea31e5d6b1fc20b",
"versionType": "git"
},
{
"lessThan": "8ec57509c36c8b9a23e50b7858dda0c520a2d074",
"status": "affected",
"version": "9354d452034273a50a4fd703bea31e5d6b1fc20b",
"versionType": "git"
},
{
"lessThan": "a849a10de5e04d798f7f286a2f1ca174719a617a",
"status": "affected",
"version": "9354d452034273a50a4fd703bea31e5d6b1fc20b",
"versionType": "git"
},
{
"lessThan": "5828937742af74666192835d657095d95c53dbd0",
"status": "affected",
"version": "9354d452034273a50a4fd703bea31e5d6b1fc20b",
"versionType": "git"
},
{
"lessThan": "90b2f49a502fa71090d9f4fe29a2f51fe5dff76d",
"status": "affected",
"version": "9354d452034273a50a4fd703bea31e5d6b1fc20b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/openvswitch/datapath.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.79",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.16",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.4",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:05:53.119Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e85a25d1a9985645e796039e843d1de581d2de1e"
},
{
"url": "https://git.kernel.org/stable/c/a8816b3f1f151373fd30f1996f00480126c8bb11"
},
{
"url": "https://git.kernel.org/stable/c/a884f57600e463f69d7b279c4598b865260b62a1"
},
{
"url": "https://git.kernel.org/stable/c/7e01abc34e87abd091e619161a20f54ed4e3e2da"
},
{
"url": "https://git.kernel.org/stable/c/8ec57509c36c8b9a23e50b7858dda0c520a2d074"
},
{
"url": "https://git.kernel.org/stable/c/a849a10de5e04d798f7f286a2f1ca174719a617a"
},
{
"url": "https://git.kernel.org/stable/c/5828937742af74666192835d657095d95c53dbd0"
},
{
"url": "https://git.kernel.org/stable/c/90b2f49a502fa71090d9f4fe29a2f51fe5dff76d"
}
],
"title": "openvswitch: use RCU protection in ovs_vport_cmd_fill_info()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21761",
"datePublished": "2025-02-27T02:18:14.054Z",
"dateReserved": "2024-12-29T08:45:45.761Z",
"dateUpdated": "2026-05-12T12:03:41.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…