CVE-2025-21858

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0

Description: A use-after-free issue has been identified in the Linux kernel, specifically in the geneve find dev() function. This issue occurs when the geneve configure() function links the struct geneve dev.next to net generic(net, geneve net id)->geneve list, and the network namespace is dismantled, causing the device to be freed while its geneve dev.next is still linked to the backend UDP socket network namespace. This can lead to a use-after-free error when another geneve device is created in the network namespace. The issue is resolved by calling geneve dellink() instead of geneve destroy tunnels().

Recommendations: To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. As a temporary workaround, consider disabling the geneve find dev() function until a patch is available. Restrict access to the vulnerable geneve dev structure to minimize the risk of exploitation. Avoid using the geneve configure() function in the affected API endpoint until the issue is resolved.