PT-2025-13228 · Linux+7 · Linux Kernel+7

Published

2025-02-22

·

Updated

2026-05-26

·

CVE-2025-21891

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved. The issue was found in the ipvlan module, where the function ipvlan process v6 outbound() was assuming the IPv6 network header is present in skb->head. To fix this, pskb network may pull() calls were added for both IPv4 and IPv6 handlers. The vulnerability was discovered by syzbot and is related to an uninitialized value in the ipv6 addr type() function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use of Uninitialized Resource

Weakness Enumeration

CWE-908

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-5786
AZL-60331
BDU:2025-12365
CVE-2025-21891
DLA-4193-1
DSA-5900-1
ECHO-D479-041D-6ADE
OESA-2025-1959
OESA-2025-1960
OESA-2025-1961
OESA-2025-1963
OESA-2025-1964
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:1293-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
SUSE-SU-2025_1293-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7764-1
USN-7764-2
USN-7765-1
USN-7766-1
USN-7767-1
USN-7767-2
USN-7779-1
USN-7790-1
USN-7800-1
USN-7801-1
USN-7801-2
USN-7801-3
USN-7802-1
USN-7809-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu