CVE-2025-21768

net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels

Description

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwtunnel in its own cache, and the lwtunnel state will never be freed. Discovered by the ioam6.sh test, kmemleak was recently fixed to catch per-cpu memory leaks. I'm not sure if rpl and seg6 can actually hit this, but in principle I don't see why not.

N/A

CVSS

Severity:

EPSS 0.03%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/5ab11a4e219e93b8b31a27f8ec98d42afadd8b7a
https://git.kernel.org/stable/c/4c0f200c7d06fedddde82209c099014d63f4a6c0
https://git.kernel.org/stable/c/92191dd1073088753821b862b791dcc83e558e07

Frequently Asked Questions

What is the severity of CVE-2025-21768?: CVE-2025-21768 has not yet been assigned a CVSS score.
How to fix CVE-2025-21768?: To fix CVE-2025-21768, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21768 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-21768 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21768?: CVE-2025-21768 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.