CVE-2025-22103

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the l3mdev l3 rcv function. This issue occurs when deleting an l3s ipvlan, which can cause a null pointer dereference. The problem arises because l3mdev l3 rcv() visits dev->l3mdev ops after ipvlan l3s unregister() assigns dev->l3mdev ops to NULL. This can happen due to a race condition between two CPUs. The estimated number of potentially affected devices worldwide is not available.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the NULL pointer dereference in l3mdev l3 rcv. As a temporary workaround, consider avoiding the deletion of l3s ipvlan until a patch is available. However, the exact steps for mitigation are not specified, and the best course of action is to wait for an official patch. At the moment, there is no information about a newer version that contains a fix for this vulnerability.