CVE-2025-21867

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description A use-after-free issue was identified in the Linux kernel, specifically in the eth skb pkt type() function. This issue occurred when bpf prog test run xdp() passed an invalid value as the user data argument to bpf test init(), causing eth skb pkt type() to access skb's data without an Ethernet header. The issue was reported by KMSAN and has been fixed by returning an error when user data is less than ETH HLEN in bpf test init().

Recommendations For Linux kernel versions prior to the fixed version: Update to a version that includes the fix for the use-after-free issue in eth skb pkt type(). As a temporary workaround, consider restricting the use of bpf prog test run xdp() until a patch is available. Avoid using invalid values as the user data argument to bpf test init() to prevent exploitation of the issue.