CVE-2025-21763: neighbour: use RCU protection in __neigh_notify()

Description

In the Linux kernel, the following vulnerability has been resolved:

neighbour: use RCU protection in __neigh_notify()

__neigh_notify() can be called without RTNL or RCU protection.

Use RCU protection to avoid potential UAF.

Classification

CVE ID: CVE-2025-21763

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.85% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-27 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21763
https://git.kernel.org/stable/c/784eb2376270e086f7db136d154b8404edacf97b
https://git.kernel.org/stable/c/1cbb2aa90cd3fba15ad7efb5cdda28f3d1082379
https://git.kernel.org/stable/c/cdd5c2a12ddad8a77ce1838ff9f29aa587de82df
https://git.kernel.org/stable/c/559307d25235e24b5424778c7332451b6c741159
https://git.kernel.org/stable/c/becbd5850c03ed33b232083dd66c6e38c0c0e569

Timeline