CVE-2025-21761 Information

Mar 01, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

openvswitch: use RCU protection in ovs_vport_cmd_fill_info()

ovs_vport_cmd_fill_info() can be called without RTNL or RCU.

Use RCU protection and dev_net_rcu() to avoid potential UAF.

Reference

https://git.kernel.org/stable/c/5828937742af74666192835d657095d95c53dbd0 https://git.kernel.org/stable/c/7e01abc34e87abd091e619161a20f54ed4e3e2da https://git.kernel.org/stable/c/8ec57509c36c8b9a23e50b7858dda0c520a2d074 https://git.kernel.org/stable/c/90b2f49a502fa71090d9f4fe29a2f51fe5dff76d https://git.kernel.org/stable/c/a849a10de5e04d798f7f286a2f1ca174719a617a

Share on: