CVE-2025-21636 Information
Description
In the Linux kernel the following vulnerability has been resolved:
sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons:
- Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns.
- current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2).
The 'net' structure can be obtained from the table->data using container_of().
Note that table->data could also be used directly as this is the only member needed from the 'net' structure but that would increase the size of this fix to use 'data' everywhere 'net->sctp.probe_interval' is used.
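The two lookups compared above, as an added userspace example (not the kernel's code and not part of the commit). The struct definitions are simplified stand-ins, and net_from_task(), net_from_table() and the sample objects are hypothetical names chosen for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's container_of(): step back from a
 * pointer to a member to the structure that embeds it. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Simplified models (assumptions): only the fields this example needs. */
struct netns_sctp { int rto_initial; int probe_interval; };
struct net        { int id; struct netns_sctp sctp; };
struct ctl_table  { const char *procname; void *data; };
struct nsproxy    { struct net *net_ns; };
struct task       { struct nsproxy *nsproxy; };

/* Old pattern: netns taken from whichever task calls the handler. */
static struct net *net_from_task(const struct task *current)
{
    /* NULL for an exiting task; dereferencing it unchecked is the
     * null-ptr-deref described above. */
    if (!current->nsproxy)
        return NULL;
    return current->nsproxy->net_ns;
}

/* Fixed pattern: netns recovered from the table entry itself. */
static struct net *net_from_table(const struct ctl_table *table)
{
    return container_of(table->data, struct net, sctp.probe_interval);
}

/* Constructed sample state: the table belongs to netns 1, the writing
 * task lives in netns 2, and a third task is exiting. */
static struct net net1 = { .id = 1 }, net2 = { .id = 2 };
static struct ctl_table tbl = { "plpmtud_probe_interval",
                                &net1.sctp.probe_interval };
static struct nsproxy writer_ns = { &net2 };
static struct task writer = { &writer_ns }, exiting = { NULL };

int main(void)
{
    printf("via table:        net %d\n", net_from_table(&tbl)->id);
    printf("via writer task:  net %d\n", net_from_task(&writer)->id);
    printf("via exiting task: %s\n",
           net_from_task(&exiting) ? "net" : "NULL nsproxy");
    return 0;
}
```

The table-based lookup returns the same netns regardless of which task performs the write, and it never touches nsproxy.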
Reference
https://git.kernel.org/stable/c/284a221f8fa503628432c7bb5108277c688c6ffa
https://git.kernel.org/stable/c/44ee8635922b6eb940faddb961a8347c6857d722
https://git.kernel.org/stable/c/6259d2484d0ceff42245d1f09cc8cb6ee72d847a
https://git.kernel.org/stable/c/bcf8c60074e81ed2ac2d35130917175a3949c917