CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2025-21749: net: rose: lock the socket in rose_bind()
Description
In the Linux kernel, the following vulnerability has been resolved:
net: rose: lock the socket in rose_bind()
syzbot reported a soft lockup in rose_loopback_timer(),
with a repro calling bind() from multiple threads.
rose_bind() must lock the socket to avoid this issue.
Classification
CVE ID: CVE-2025-21749
Affected Products
Vendor: Linux, Linux
Product: Linux, Linux
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.01% (probability of being exploited)
EPSS Percentile: 1.29% (scored less or equal to compared to others)
EPSS Date: 2025-03-27 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-21749https://git.kernel.org/stable/c/667f61b3498df751c8b3f0be1637e7226cbe3ed0
https://git.kernel.org/stable/c/e0384efd45f615603e6869205b72040c209e69cc
https://git.kernel.org/stable/c/970cd2ed26cdab2b0f15b6d90d7eaa36538244a5
https://git.kernel.org/stable/c/4c04b0ab3a647e76d0e752b013de8e404abafc63
https://git.kernel.org/stable/c/a1300691aed9ee852b0a9192e29e2bdc2411a7e6