CVE-2025-21938: Race Condition in Linux

CWE-362 Race Condition | 33 documents | 6 sources

Severity: 4.7 MEDIUM (NVD); OSV 7.8, OSV 7.1, OSV 6.2, OSV 5.5
EPSS: 0.1% (top 80.65%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 1
Latest update: May 29

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr

If multiple connection requests attempt to create an implicit mptcp endpoint in parallel, more than one caller may end up in mptcp_pm_nl_append_new_local_addr because none found the address in local_addr_list during their call to mptcp_pm_nl_get_local_id. In this case, the concurrent new_local_addr calls may delete the address entry created by the previo

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (6 packages)

NVD | linux/linux_kernel | 5.18, 6.1.131 | +4
Debian | linux/linux_kernel | < 6.1.133-1 | +2
Ubuntu | linux/linux_kernel | < 6.8.0-60.63
CVEListV5 | linux/linux | d045b9eb95a9b611c483897a69e7285aefdc66d7, f1404f368c40fc6a068dad72e4ee0824ee6a78ee | +5
debian | debian/linux | < linux 6.1.133-1 (bookworm)

Patches

🔴 Vulnerability Details (16)

OSV: linux-oracle-6.8 vulnerabilities (2025-05-29)
OSV: linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oracle vulnerabilities (2025-05-28)
OSV: linux-hwe-6.8 vulnerabilities (2025-05-28)
OSV: linux-raspi vulnerabilities (2025-05-26)
OSV: linux-aws vulnerabilities (2025-05-22)

📋 Vendor Advisories (16)

Ubuntu: Linux kernel (Oracle) vulnerabilities (2025-05-29)
Ubuntu: Linux kernel vulnerabilities (2025-05-28)
Ubuntu: Linux kernel (HWE) vulnerabilities (2025-05-28)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2025-05-26)
Ubuntu: Linux kernel (AWS) vulnerabilities (2025-05-22)