CVE-2025-21865Out-of-bounds Write in Linux

CWE-787Out-of-bounds Write72 documents9 sources
Severity
5.5MEDIUMNVD
OSV8.8OSV7.8OSV7.1OSV5.9
EPSS
0.1%
top 83.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedMar 12
Latest updateJul 16

Description

In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Brad Spengler reported the list_del() corruption splat in gtp_net_exit_batch_rtnl(). [0] Commit eb28fd76c0a0 ("gtp: Destroy device along with udp socket's netns dismantle.") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl() to destroy devices in each netns as done in geneve and ip tunnels. However, this could trigger ->dellink() twice for the same

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

NVDlinux/linux_kernel6.1.1276.1.130+7
Debianlinux/linux_kernel< 5.10.234-1+3
Ubuntulinux/linux_kernel< 5.4.0-216.236+1
CVEListV5linux/linuxc986380c1d5274c4d5e935addc807d6791cc23eb7f86fb07db65a470d0c11f79da551bd9466357dc+8

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

34
OSV
linux-iot vulnerabilities2025-07-16
OSV
linux-xilinx-zynqmp vulnerabilities2025-06-26
OSV
linux-hwe-5.15 vulnerabilities2025-06-24
OSV
linux-aws-fips, linux-fips vulnerabilities2025-05-29
OSV
linux-aws-5.4 vulnerabilities2025-05-29

📋Vendor Advisories

36
Ubuntu
Linux kernel (IoT) vulnerabilities2025-07-16
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2025-06-26
Ubuntu
Linux kernel (HWE) vulnerabilities2025-06-24
CISA ICS
Siemens SIMATIC S7-1500 CPU Family2025-06-12
Ubuntu
Linux kernel (AWS) vulnerabilities2025-05-29
CVE-2025-21865 — Out-of-bounds Write in Linux | cvebase