CVE-2025-21758
published 2025-02-27

Priority: P4 30 | medium 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 13.63% (96.0th percentile)
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection.

Affected

20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 6.1.129-1 (bookworm) | linux 6.1.129-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.129-1 (bookworm) | linux 6.1.129-1 (bookworm) |
| linux | linux | | |
| linux | linux | >= b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 29fa42197f26a97cde29fa8c40beddf44ea5c8f3 | 29fa42197f26a97cde29fa8c40beddf44ea5c8f3 |
| linux | linux | >= b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < e8af3632a7f2da83e27b083f787bced1faba00b1 | e8af3632a7f2da83e27b083f787bced1faba00b1 |
| linux | linux | >= b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 1b91c597b0214b1b462eb627ec02658c944623f2 | 1b91c597b0214b1b462eb627ec02658c944623f2 |
| linux | linux | >= b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < 25195f9d5ffcc8079ad743a50c0409dbdc48d98a | 25195f9d5ffcc8079ad743a50c0409dbdc48d98a |
| linux | linux | >= b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < d60d493b0e65647e0335e6a7c4547abcea7df8e9 | d60d493b0e65647e0335e6a7c4547abcea7df8e9 |
| linux | linux | >= b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 < a527750d877fd334de87eef81f1cb5f0f0ca3373 | a527750d877fd334de87eef81f1cb5f0f0ca3373 |
| linux | linux_kernel | | |
| linux | linux_kernel | >= 0 < 6.1.129-1 | 6.1.129-1 |
| linux | linux_kernel | >= 0 < 6.12.16-1 | 6.12.16-1 |
| linux | linux_kernel | >= 0 < 6.12.16-1 | 6.12.16-1 |
| linux | linux_kernel | >= 0 < 5.15.0-140.150 | 5.15.0-140.150 |
| linux | linux_kernel | >= 0 < 6.8.0-78.78 | 6.8.0-78.78 |
| linux | linux_kernel | >= 2.6.26 < 5.15.179 | 5.15.179 |
| linux | linux_kernel | >= 5.16 < 6.1.129 | 6.1.129 |
| linux | linux_kernel | >= 6.13 < 6.13.4 | 6.13.4 |
| linux | linux_kernel | >= 6.2 < 6.6.79 | 6.6.79 |
| linux | linux_kernel | >= 6.7 < 6.12.16 | 6.12.16 |

CVSS provenance

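| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | | 8.8 | HIGH | |
| vendor_ubuntu | | 8.8 | HIGH | |
| vendor_debian | | 5.5 | MEDIUM | |
| vendor_redhat | | 5.5 | MEDIUM | |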