CVE-2025-21762: arp: use RCU protection in arp_xmit()

Description

In the Linux kernel, the following vulnerability has been resolved:

arp: use RCU protection in arp_xmit()

arp_xmit() can be called without RTNL or RCU protection.

Use RCU protection to avoid potential UAF.

Classification

CVE ID: CVE-2025-21762

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.85% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-27 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21762
https://git.kernel.org/stable/c/f189654459423d4d48bef2d120b4bfba559e6039
https://git.kernel.org/stable/c/e9f4dee534eb1b225b0a120395ad9bc2afe164d3
https://git.kernel.org/stable/c/01d1b5c9abcaff29a43f1d17a19c33eec92c7dbe
https://git.kernel.org/stable/c/2c331718d3389b6c5f6855078ab7171849e016bd
https://git.kernel.org/stable/c/a42b69f692165ec39db42d595f4f65a4c8f42e44

Timeline