CVE-2025-22057

net: decrease cached dst counters in dst_release

Description

In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in dst_release Upstream fix ac888d58869b ("net: do not delay dst_entries_add() in dst_release()") moved decrementing the dst count from dst_destroy to dst_release to avoid accessing already freed data in case of netns dismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels are used, this fix is incomplete as the same issue will be seen for cached dsts: Unable to handle kernel paging request at virtual address ffff5aabf6b5c000 Call trace: percpu_counter_add_batch+0x3c/0x160 (P) dst_release+0xec/0x108 dst_cache_destroy+0x68/0xd8 dst_destroy+0x13c/0x168 dst_destroy_rcu+0x1c/0xb0 rcu_do_batch+0x18c/0x7d0 rcu_core+0x174/0x378 rcu_core_si+0x18/0x30 Fix this by invalidating the cache, and thus decrementing cached dst counters, in dst_release too.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ccc331fd5bcae131d2627d5ef099d4a1f6540aea
https://git.kernel.org/stable/c/92a5c18513117be69bc00419dd1724c1940f8fcd
https://git.kernel.org/stable/c/836415a8405c9665ae55352fc5ba865c242f5e4f
https://git.kernel.org/stable/c/e833e7ad64eb2f63867f65303be49ca30ee8819e
https://git.kernel.org/stable/c/3a0a3ff6593d670af2451ec363ccb7b18aec0c0a

Frequently Asked Questions

What is the severity of CVE-2025-22057?
CVE-2025-22057 has not yet been assigned a CVSS score.
How to fix CVE-2025-22057?
To fix CVE-2025-22057, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-22057 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-22057 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-22057?
CVE-2025-22057 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.