CVE-2025-21759 Information

Mar 01, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

ipv6: mcast: extend RCU protection in igmp6_send()

igmp6_send() can be called without RTNL or RCU being held.

Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF.

Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.

Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection.

Reference

https://git.kernel.org/stable/c/087c1faa594fa07a66933d750c0b2610aa1a2946 https://git.kernel.org/stable/c/0bf8e2f3768629d437a32cb824149e6e98254381 https://git.kernel.org/stable/c/81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a https://git.kernel.org/stable/c/8e92d6a413feaf968a33f0b439ecf27404407458

Share on: