CVE-2025-21635 Information

Jan 20, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

rds: sysctl: rds_tcp_rcvsndbuf: avoid using current->nsproxy

As mentioned in a previous commit of this series using the ’net' structure via ‘current’ is not recommended for different reasons:

Inconsistency: getting info from the reader’s/writer’s netns vs only from the opener’s netns.
current->nsproxy can be NULL in some cases resulting in an ‘Oops’ (null-ptr-deref) e.g. when the current task is exiting as spotted by syzbot [1] using acct(2).

The per-netns structure can be obtained from the table->data using container_of() then the ’net’ one can be retrieved from the listen socket (if available).

Reference

https://git.kernel.org/stable/c/7f5611cbc4871c7fb1ad36c2e5a9edad63dca95c https://git.kernel.org/stable/c/de8d6de0ee27be4b2b1e5b06f04aeacbabbba492

Share on: