PT-2025-4310 · Linux+5 · Linux Kernel+5
Eric Dumazet +1 · Published 2025-01-01 · Updated 2026-05-26 · CVE-2025-21629
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue concerns the Linux kernel's handling of IPv6 packets with extension headers. Specifically, it affects devices that advertise NETIF_F_IPV6_CSUM, which is a feature for checksumming plain TCP or UDP packets over IPv6. The problem arises when BIG TCP packets are used, introducing an IPV6_TLV_JUMBO IPv6 extension header to communicate packet length. This header is not transmitted by physical devices but is present for PF_PACKET taps like tcpdump. The change that caused the issue disabled hardware offload of IPv6 packets with extension headers on devices that support NETIF_F_IPV6_CSUM. The ipv6_has_hopopt_jumbo() function tests for the presence of this header and ensures it is the only extension header before a terminal (L4) header. The issue has been resolved by reenabling NETIF_F_IPV6_CSUM offload for BIG TCP packets.
Recommendations
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling the skb_warn_bad_offload() function until a patch is available. Restrict access to the vulnerable NETIF_F_IPV6_CSUM feature to minimize the risk of exploitation. Avoid using the IPV6_TLV_JUMBO extension header in BIG TCP packets until the issue is resolved.
Exploit
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu
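The header-chain test that the Description attributes to ipv6_has_hopopt_jumbo(), written as a userspace C illustration over a raw packet buffer. This is an added example, not the kernel's code: the names jumbo_only_before_l4 and check_sample, the constants and the sample bytes are constructed for it, and the option-length check follows RFC 2675 rather than the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NEXTHDR_HOP   0     /* Hop-by-Hop Options header */
#define NEXTHDR_TCP   6
#define TLV_JUMBO     0xC2  /* numeric value of IPV6_TLV_JUMBO (RFC 2675) */
#define IPV6_HDR_LEN  40
#define HOP_JUMBO_LEN 8

/* Returns the L4 protocol (6 = TCP) when the packet is IPv6 with exactly one
 * extension header, a Hop-by-Hop header carrying only the jumbo option,
 * placed directly before TCP. Returns 0 for every other header chain. */
int jumbo_only_before_l4(const uint8_t *pkt, size_t len)
{
    if (len < IPV6_HDR_LEN + HOP_JUMBO_LEN)        /* both headers must fit */
        return 0;
    if ((pkt[0] >> 4) != 6 || pkt[6] != NEXTHDR_HOP)
        return 0;                                  /* not IPv6 + Hop-by-Hop */
    const uint8_t *hop = pkt + IPV6_HDR_LEN;
    /* hop[0]=next header, hop[1]=ext len (0 means 8 bytes), hop[2]=option type,
     * hop[3]=option data length (4 for the jumbo option) */
    if (hop[1] != 0 || hop[2] != TLV_JUMBO || hop[3] != 4)
        return 0;
    return hop[0] == NEXTHDR_TCP ? hop[0] : 0;     /* reject a second ext header */
}

/* Constructed sample: 48 header bytes with the given next-header chain. */
int check_sample(uint8_t ipv6_next, uint8_t hop_next, uint8_t opt_type)
{
    uint8_t pkt[IPV6_HDR_LEN + HOP_JUMBO_LEN];
    memset(pkt, 0, sizeof(pkt));
    pkt[0] = 0x60;              /* version 6; payload length bytes 4-5 stay 0 */
    pkt[6] = ipv6_next;
    pkt[40] = hop_next;
    pkt[42] = opt_type;
    pkt[43] = 4;
    pkt[45] = 0x01; pkt[47] = 0x08;   /* jumbo payload length 65544 */
    return jumbo_only_before_l4(pkt, sizeof(pkt));
}

int main(void)
{
    /* BIG TCP shape passes; plain TCP, jumbo followed by a routing header
     * (43), and a non-jumbo option (0x01) are all rejected. */
    return !(check_sample(0, 6, 0xC2) == 6 && check_sample(6, 6, 0xC2) == 0 &&
             check_sample(0, 43, 0xC2) == 0 && check_sample(0, 6, 0x01) == 0);
}
```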