PT-2025-11019 · Linux+5 · Linux Kernel+5

Pierre Riteau · Published 2025-02-13 · Updated 2026-04-20 · CVE-2025-21857

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version
Description: A NULL pointer dereference issue has been identified in the Linux kernel. The problem arises from incorrect error handling in the tcf_exts_miss_cookie_base_alloc() function, which calls xa_alloc_cyclic(). This function can return 1 if the allocation is successful after wrapping, but this return value is treated as an error. As a result, exts->actions is set to NULL and returned to the caller fl_change(), which then calls tcf_exts_validate_ex() and subsequently tcf_action_init() with the NULL exts->actions as an argument, leading to a NULL pointer dereference.
Recommendations: To resolve this issue, update the Linux kernel to a version that includes the fix for the NULL pointer dereference error in the net/sched subsystem. As a temporary workaround, consider disabling the tcf_action_init() function until a patch is available. Restrict access to the vulnerable cls_api module to minimize the risk of exploitation. Avoid using the exts->actions variable in the affected API endpoints until the issue is resolved.
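The return-value mismatch in the description, as an added userspace model in C; it is not kernel source and not code from this page. All `model_*` names, the three-entry ID space, the caller's negative-only error test and the `strict` variant (an assumed shape of the fix) are assumptions made for the illustration.

```c
/* Added example: userspace model, not kernel source; model_* names are hypothetical. */
#include <stddef.h>
#include <stdint.h>

#define ID_MIN 1u
#define ID_MAX 3u                 /* tiny constructed ID space so wrapping is quick */
#define WOULD_DEREF_NULL (-1000)  /* marks the point where the kernel would crash */

struct model_pool { uint8_t used[ID_MAX + 1]; uint32_t next; };
struct model_exts { void *actions; };
static int actions_storage;       /* stands in for the allocated actions array */

/* Return convention from the description: 0 = allocated, 1 = allocated after
 * wrapping, negative = failure. Simplified; not the xarray algorithm. */
static int model_alloc_cyclic(struct model_pool *p, uint32_t *id)
{
    uint32_t start = p->next < ID_MIN ? ID_MIN : p->next;
    for (int wrapped = 0; wrapped <= 1; wrapped++) {
        uint32_t lo = wrapped ? ID_MIN : start;
        uint32_t hi = wrapped ? start - 1 : ID_MAX;
        for (uint32_t i = lo; i <= hi && i <= ID_MAX; i++)
            if (!p->used[i]) { p->used[i] = 1; *id = i; p->next = i + 1; return wrapped; }
    }
    return -12;                   /* ENOMEM-style failure: no free ID */
}
/* strict = 0: any non-zero return takes the error path (the flawed pattern).
 * strict = 1: only negative returns are errors (assumed shape of the fix). */
static int model_exts_init(struct model_pool *p, struct model_exts *e, int strict)
{
    uint32_t id;
    e->actions = &actions_storage;
    int err = model_alloc_cyclic(p, &id);
    if (strict ? err < 0 : err != 0) {
        e->actions = NULL;        /* error path clears the pointer ... */
        return err;               /* ... but hands back 1, which is not negative */
    }
    return 0;
}
/* Caller model: stops only on a negative error (assumption), then uses actions. */
static int model_change(struct model_pool *p, int strict)
{
    struct model_exts e;
    int err = model_exts_init(p, &e, strict);
    if (err < 0) return err;
    return e.actions ? 0 : WOULD_DEREF_NULL;
}
/* Fill the pool, free ID 1, then run one more change so the allocation wraps. */
static int wrapped_result(int strict)
{
    struct model_pool p = { {0}, ID_MIN };
    for (uint32_t i = ID_MIN; i <= ID_MAX; i++)
        if (model_change(&p, strict) != 0) return -1;
    p.used[ID_MIN] = 0;
    return model_change(&p, strict);
}
int main(void) { return (wrapped_result(0) == WOULD_DEREF_NULL && wrapped_result(1) == 0) ? 0 : 1; }
```

The flawed path is reached only once the ID counter has wrapped, so the first allocations in the model succeed in both variants.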

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2025:20095
ALT-PU-2025-12647
ALT-PU-2025-4807
AZL-58511
BDU:2025-12186
CVE-2025-21857
MGASA-2025-0111
MGASA-2025-0112
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
RHSA-2025:20095
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7703-1
USN-7703-2
USN-7703-3
USN-7703-4
USN-7719-1
USN-7737-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu