CVE-2025-21758

ipv6: mcast: add RCU protection to mld_newpack()

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection.

N/A
CVSS
Severity:
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/29fa42197f26a97cde29fa8c40beddf44ea5c8f3
https://git.kernel.org/stable/c/e8af3632a7f2da83e27b083f787bced1faba00b1
https://git.kernel.org/stable/c/1b91c597b0214b1b462eb627ec02658c944623f2
https://git.kernel.org/stable/c/25195f9d5ffcc8079ad743a50c0409dbdc48d98a
https://git.kernel.org/stable/c/d60d493b0e65647e0335e6a7c4547abcea7df8e9
https://git.kernel.org/stable/c/a527750d877fd334de87eef81f1cb5f0f0ca3373

Frequently Asked Questions

What is the severity of CVE-2025-21758?
CVE-2025-21758 has not yet been assigned a CVSS score.
How to fix CVE-2025-21758?
To fix CVE-2025-21758, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21758 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21758 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21758?
CVE-2025-21758 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.