PT-2025-14301 · Linux · Linux Kernel

Published: 2025-03-03 · Updated: 2026-04-20 · CVE-2025-21920

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A bug in the Linux kernel allows VLAN devices to be created on top of non-Ethernet devices, which can cause an out-of-bounds read and leak the address of a kernel function to user mode. The read occurs while GARP and MRP are initialized for the underlying device: the multicast address of each applicant is added to the underlying device with dev_mc_add, which uses dev->addr_len to determine the length of the new multicast address. If dev->addr_len is greater than 6, this causes an out-of-bounds read, since the multicast addresses provided by GARP and MRP are only 6 bytes long.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
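
The description names a concrete precondition: a VLAN device stacked on a lower device that is not Ethernet or whose address length exceeds 6. The following audit check is an added example, not part of this advisory or of the kernel project; it assumes the standard /proc/net/vlan/config, /sys/class/net/<dev>/type and /sys/class/net/<dev>/addr_len files, and the root-prefix argument and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): list VLAN devices whose lower device
# is not Ethernet or has addr_len > 6, the precondition the description names.
# The optional root prefix (an assumption of this sketch) reads a captured tree.

ARPHRD_ETHER=1   # /sys/class/net/<dev>/type value for Ethernet
ETH_ALEN=6       # GARP/MRP multicast addresses are 6 bytes long

# Prints one line per suspicious VLAN; returns 1 if any was found, else 0.
audit_vlan_lower_devs() {
    root=${1:-}
    cfg="$root/proc/net/vlan/config"
    found=0
    [ -r "$cfg" ] || return 0   # no readable VLAN table: nothing to report
    # Data rows read "name | vid | lower"; header rows have fewer fields.
    pairs=$(awk -F'|' 'NF == 3 { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $3)
                                 print $1, $3 }' "$cfg")
    while read -r vlan lower; do
        [ -n "$vlan" ] || continue
        dtype=$(cat "$root/sys/class/net/$lower/type" 2>/dev/null) || continue
        alen=$(cat "$root/sys/class/net/$lower/addr_len" 2>/dev/null) || continue
        if [ "$dtype" -ne "$ARPHRD_ETHER" ] || [ "$alen" -gt "$ETH_ALEN" ]; then
            echo "$vlan lower=$lower type=$dtype addr_len=$alen"
            found=1
        fi
    done <<EOF
$pairs
EOF
    return "$found"
}

# Constructed sample tree: eth0 is Ethernet; nonether0 is a made-up device
# with constructed values (type 65534, addr_len 16).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/proc/net/vlan" "$t/sys/class/net/eth0" "$t/sys/class/net/nonether0"
    printf '%s\n' 'VLAN Dev name    | VLAN ID' \
        'Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD' \
        'eth0.10        | 10  | eth0' \
        'nonether0.20   | 20  | nonether0' > "$t/proc/net/vlan/config"
    echo 1 > "$t/sys/class/net/eth0/type"
    echo 6 > "$t/sys/class/net/eth0/addr_len"
    echo 65534 > "$t/sys/class/net/nonether0/type"
    echo 16 > "$t/sys/class/net/nonether0/addr_len"
    echo "$t"
}
```

On a live host, call audit_vlan_lower_devs with no argument from a privileged shell, since the VLAN config file may not be readable otherwise; a non-zero return status means at least one VLAN sits on a lower device matching the precondition.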

Exploit

DoS

Out of bounds Read

Improper Initialization


Weakness Enumeration

Related Identifiers

ALSA-2025:8643
ALT-PU-2025-12647
ALT-PU-2025-5437
ALT-PU-2025-5786
AZL-59943
AZL-59976
BDU:2025-03891
CVE-2025-21920
DLA-4178-1
DLA-4193-1
DSA-5900-1
ECHO-C174-AB42-F783
INFSA-2025_8643
OESA-2025-1874
OESA-2025-1879
OESA-2025-2005
OESA-2025-2006
RHSA-2025:8643
RHSA-2025_8643
SUSE-SU-2025:02249-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02334-1
SUSE-SU-2025:02335-1
SUSE-SU-2025:02538-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20475-1
SUSE-SU-2025:20483-1
SUSE-SU-2025:20493-1
SUSE-SU-2025:20498-1
SUSE-SU-2025_02249-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
SUSE-SU-2025_02334-1
SUSE-SU-2025_02335-1
SUSE-SU-2025_02538-1
USN-7510-1
USN-7510-2
USN-7510-3
USN-7510-4
USN-7510-5
USN-7510-6
USN-7510-7
USN-7510-8
USN-7511-1
USN-7511-2
USN-7511-3
USN-7512-1
USN-7516-1
USN-7516-2
USN-7516-3
USN-7516-4
USN-7516-5
USN-7516-6
USN-7516-7
USN-7516-8
USN-7516-9
USN-7517-1
USN-7517-2
USN-7517-3
USN-7518-1
USN-7539-1
USN-7540-1
USN-7593-1
USN-7602-1
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1
USN-7640-1
USN-7764-1
USN-7764-2
USN-7765-1
USN-7766-1
USN-7767-1
USN-7767-2
USN-7779-1
USN-7790-1
USN-7800-1
USN-7801-1
USN-7801-2
USN-7801-3
USN-7802-1
USN-7809-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
Debian
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu