
CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info()

Description

In the Linux kernel, the following vulnerability has been resolved:

openvswitch: use RCU protection in ovs_vport_cmd_fill_info()

ovs_vport_cmd_fill_info() can be called without RTNL or RCU.

Use RCU protection and dev_net_rcu() to avoid potential UAF.

Classification

CVE ID: CVE-2025-21761

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.85% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-27 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21761
https://git.kernel.org/stable/c/7e01abc34e87abd091e619161a20f54ed4e3e2da
https://git.kernel.org/stable/c/8ec57509c36c8b9a23e50b7858dda0c520a2d074
https://git.kernel.org/stable/c/a849a10de5e04d798f7f286a2f1ca174719a617a
https://git.kernel.org/stable/c/5828937742af74666192835d657095d95c53dbd0
https://git.kernel.org/stable/c/90b2f49a502fa71090d9f4fe29a2f51fe5dff76d

Timeline