CVE-2025-21759

HIGH

Linux Kernel 2.6.26-6.6.78, 6.7.0-6.12.15, 6.13.0-6.13.3 - Use-After-Free in igmp6_send()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a

Patch

https://git.kernel.org/stable/c/0bf8e2f3768629d437a32cb824149e6e98254381

Patch

https://git.kernel.org/stable/c/8e92d6a413feaf968a33f0b439ecf27404407458

Patch

https://git.kernel.org/stable/c/087c1faa594fa07a66933d750c0b2610aa1a2946

Scores

CVSS v3 7.8

EPSS 0.0701

EPSS Percentile 93.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (15)

linux/Kernel 2.6.26 - 6.6.79linux

linux/Kernel 6.13.0 - 6.13.4linux

linux/Kernel 6.7.0 - 6.12.16linux

Linux/Linux < 2.6.26

Linux/Linux 2.6.26

Linux/Linux 6.12.16 - 6.12.*

Linux/Linux 6.13.4 - 6.13.*

Linux/Linux 6.14

Linux/Linux 6.6.79 - 6.6.*

Linux/Linux b8ad0cbc58f703972e9e37c4e2a8081dd7e6a551 - 087c1faa594fa07a66933d750c0b2610aa1a2946

... and 5 more

Published Feb 27, 2025

Tracked Since Feb 18, 2026