PT-2025-14319 · Linux · Linux Kernel

Published: 2025-03-03 · Updated: 2026-01-20 · CVE-2025-21938

CVSS v2.0: 5.4 (Medium)

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue arises when multiple connection requests attempt to create an implicit MPTCP endpoint in parallel, potentially leading to the deletion of address entries created by previous callers. This can occur when the function mptcp_pm_nl_append_new_local_addr() is called, which may use synchronize_rcu() in contexts where it is not permitted. The problem is particularly prevalent when a user advertises an endpoint with different external and internal addresses, and multiple connections already exist. This can trigger a race during the creation of the first local address list entries.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2025-04614
CVE-2025-21938
DLA-4193-1
DSA-5900-1
ECHO-0D69-EB6C-7629
OESA-2025-1874
OESA-2025-1879
SUSE-SU-2025:02249-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02335-1
SUSE-SU-2025:02538-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_02249-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
SUSE-SU-2025_02335-1
SUSE-SU-2025_02538-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7521-1
USN-7521-2
USN-7521-3
USN-7522-1
USN-7523-1
USN-7524-1

Affected Products

Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu