CVE-2025-21677 — Linux vulnerability
9 documents, 6 sources
Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 95.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 31
Latest update: Apr 23
Description
In the Linux kernel, the following vulnerability has been resolved:
pfcp: Destroy device along with udp socket's netns dismantle.
pfcp_newlink() links the device to a list in dev_net(dev) instead
of net, where a udp tunnel socket is created.
Even when net is removed, the device stays alive on dev_net(dev).
Then, removing net triggers the splat below. [0]
In this example, pfcp0 is created in ns2, but the udp socket is
created in ns1.
  ip netns add ns1
  ip netns add ns2
  ip -n ns1 link add netns…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 4 packages
CVEListV5: linux/linux, 76c8764ef36a5d37ea2e551bda28ac7f028383ba — 1c35a66e2bfea53dea3562b2575ac7fd4c38ee61 (+2)
Patches
Vulnerability Details (4)
OSV: linux, linux-aws, linux-gcp, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oem-6.11, linux-oracle, linux-raspi, linux-realtime vulnerabilities (2025-04-23)
OSV: CVE-2025-21677: In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle (2025-01-31)
GHSA: GHSA-ch6g-q299-j266: In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle (2025-01-31)