CVE-2025-21764: ndisc: use RCU protection in ndisc_alloc_skb()

Description

In the Linux kernel, the following vulnerability has been resolved:

ndisc: use RCU protection in ndisc_alloc_skb()

ndisc_alloc_skb() can be called without RTNL or RCU being held.

Add RCU protection to avoid possible UAF.

Classification

CVE ID: CVE-2025-21764

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.85% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-27 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21764
https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d
https://git.kernel.org/stable/c/9e0ec817eb41a55327a46cd3ce331a9868d60304
https://git.kernel.org/stable/c/bbec88e4108e8d6fb468d3817fa652140a44ff28
https://git.kernel.org/stable/c/cd1065f92eb7ff21b9ba5308a86f33d1670bf926
https://git.kernel.org/stable/c/628e6d18930bbd21f2d4562228afe27694f66da9
