CVE-2025-21958Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition5 documents5 sources
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 88.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 1

Description

In the Linux kernel, the following vulnerability has been resolved: Revert "openvswitch: switch to per-action label counting in conntrack" Currently, ovs_ct_set_labels() is only called for confirmed conntrack entries (ct) within ovs_ct_commit(). However, if the conntrack entry does not have the labels_ext extension, attempting to allocate it in ovs_ct_get_conn_labels() for a confirmed entry triggers a warning in nf_ct_ext_add(): WARN_ON(nf_ct_is_confirmed(ct)); This happens when the conntrac

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel6.126.12.20+2
Debianlinux/linux_kernel< 6.12.20-1+1
CVEListV5linux/linuxfcb1aa5163b1ae4cf2864b688b08927aac51f51e9e79fdabd52cfce1a021640a81256878a2c516a2+3
debiandebian/linux< linux 6.12.20-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-jx6v-7wmg-pq67: In the Linux kernel, the following vulnerability has been resolved: Revert "openvswitch: switch to per-action label counting in conntrack" Currently2025-04-01
OSV
CVE-2025-21958: In the Linux kernel, the following vulnerability has been resolved: Revert "openvswitch: switch to per-action label counting in conntrack" Currently,2025-04-01

📋Vendor Advisories

2
Red Hat
kernel: Revert "openvswitch: switch to per-action label counting in conntrack"2025-04-01
Debian
CVE-2025-21958: linux - In the Linux kernel, the following vulnerability has been resolved: Revert "ope...2025
CVE-2025-21958 — Linux vulnerability | cvebase