CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-21823: batman-adv: Drop unmanaged ELP metric worker

Description

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: Drop unmanaged ELP metric worker

The ELP worker needs to calculate new metric values for all neighbors
"reachable" over an interface. Some of the used metric sources require
locks which might need to sleep. This sleep is incompatible with the RCU
list iterator used for the recorded neighbors. The initial approach to work
around of this problem was to queue another work item per neighbor and then
run this in a new context.

Even when this solved the RCU vs might_sleep() conflict, it has a major
problems: Nothing was stopping the work item in case it is not needed
anymore - for example because one of the related interfaces was removed or
the batman-adv module was unloaded - resulting in potential invalid memory
accesses.

Directly canceling the metric worker also has various problems:

* cancel_work_sync for a to-be-deactivated interface is called with
rtnl_lock held. But the code in the ELP metric worker also tries to use
rtnl_lock() - which will never return in this case. This also means that
cancel_work_sync would never return because it is waiting for the worker
to finish.
* iterating over the neighbor list for the to-be-deactivated interface is
currently done using the RCU specific methods. Which means that it is
possible to miss items when iterating over it without the associated
spinlock - a behaviour which is acceptable for a periodic metric check
but not for a cleanup r...

Classification

CVE ID: CVE-2025-21823

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 10.81% (scored less or equal to compared to others)

EPSS Date: 2025-03-28 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21823
https://git.kernel.org/stable/c/781a06fd265a8151f7601122d9c2e985663828ff
https://git.kernel.org/stable/c/a7aa2317285806640c844acd4cd2cd768e395264
https://git.kernel.org/stable/c/0fdc3c166ac17b26014313fa2b93696354511b24
https://git.kernel.org/stable/c/af264c2a9adc37f4bdf88ca7f3affa15d8c7de9e
https://git.kernel.org/stable/c/8c8ecc98f5c65947b0070a24bac11e12e47cc65d

Timeline

2025-02-27 21:40:21 UTC
CVE

batman-adv: Drop unmanaged ELP metric worker
2025-03-06 09:45:32 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2025-21823