PT-2025-13212 · Linux+6 · Linux Kernel+6
Published: 2024-10-21 · Updated: 2026-04-20
CVE-2025-21875
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf
Description
A vulnerability in the Linux kernel's MultiPath TCP (MPTCP) implementation has been resolved. The issue arises when the path manager (PM) control path attempts to send an RM_ADDR notification over a socket without acquiring the necessary lock, potentially leading to a lockdep splat. The cause is an early optimization that incorrectly assumes no subflows are present, which lets another process interfere without proper locking.
Recommendations
For Linux kernel versions prior to 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf, update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting access to the MPTCP protocol to minimize the risk of exploitation.
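One way to apply the temporary workaround on an unpatched host, as an added example that is not part of the original advisory: it assumes "restricting access to MPTCP" is done with the kernel's `net.mptcp.enabled` sysctl. The `PROC_ROOT` and `SYSCTL_DIR` variables and the drop-in name `99-disable-mptcp.conf` are hypothetical choices made for this sketch.

```shell
#!/bin/sh
# Added example: audit and optionally disable MPTCP until the kernel is patched.
# PROC_ROOT and SYSCTL_DIR are hypothetical overrides so the logic can be
# exercised against a constructed directory tree instead of the live system.
PROC_ROOT="${PROC_ROOT:-/proc}"
SYSCTL_DIR="${SYSCTL_DIR:-/etc/sysctl.d}"

# Prints "absent" (kernel exposes no MPTCP sysctl), "disabled" or "enabled".
mptcp_state() {
    f="$PROC_ROOT/sys/net/mptcp/enabled"
    if [ ! -r "$f" ]; then
        echo absent
        return 0
    fi
    case "$(cat "$f")" in
        0) echo disabled ;;
        *) echo enabled ;;
    esac
}

# Turns MPTCP off at runtime and persists the setting across reboots.
# net.mptcp.enabled is per network namespace: this only changes the
# namespace the script runs in, and only blocks creation of new MPTCP
# sockets. Sockets that already exist are not torn down.
mptcp_disable() {
    if [ "$(mptcp_state)" != enabled ]; then
        return 0    # nothing to do: already off or not supported
    fi
    echo 0 > "$PROC_ROOT/sys/net/mptcp/enabled" || return 1
    printf '%s\n' \
        '# Interim workaround for CVE-2025-21875; remove after patching' \
        'net.mptcp.enabled = 0' \
        > "$SYSCTL_DIR/99-disable-mptcp.conf"
}

# Report by default; change settings only when called with --disable.
if [ "${1:-}" = "--disable" ]; then
    mptcp_disable
fi
echo "MPTCP: $(mptcp_state)"
```

Run it as root with `--disable` to apply the change; hosts running containers with their own network namespaces need the same check inside each namespace.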
Exploit
Fix
Memory Leak
Improper Locking
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu