PT-2025-14319 · Linux+6 · Linux Kernel+6

Published 2025-03-03 · Updated 2026-01-20 · CVE-2025-21938

CVSS v2.0: 5.4 (Medium)

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue arises when multiple connection requests attempt to create an implicit MPTCP endpoint in parallel, potentially leading to the deletion of address entries created by previous callers. This can occur when the function mptcp_pm_nl_append_new_local_addr() is called, which may use synchronize_rcu() in contexts where it is not permitted. The problem is particularly prevalent when a user advertises an endpoint with different external and internal addresses and multiple connections already exist. This can trigger a race during the creation of the first local address list entries.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2025-04614
CVE-2025-21938
DLA-4193-1
DSA-5900-1
ECHO-0D69-EB6C-7629
OESA-2025-1874
OESA-2025-1879
SUSE-SU-2025:02249-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02335-1
SUSE-SU-2025:02538-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_02249-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
SUSE-SU-2025_02335-1
SUSE-SU-2025_02538-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7521-1
USN-7521-2
USN-7521-3
USN-7522-1
USN-7523-1
USN-7524-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu