PT-2025-4316 · Linux+5 · Linux Kernel+5

Published

2025-01-09

·

Updated

2026-05-26

·

CVE-2025-21635

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved, specifically in the RDS component. The issue was related to the use of current->nsproxy, which is not recommended due to inconsistency and potential null pointer dereferences. The problem occurred when getting information from the reader's/writer's netns versus only from the opener's netns, and current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref). The per-netns structure can be obtained from the table->data using container of(), then the 'net' one can be retrieved from the listen socket (if available).
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2025-12647
AZL-57534
AZL-57546
BDU:2025-15371
CVE-2025-21635
ECHO-4866-3EDD-BF66
OESA-2025-1463
OESA-2025-1464
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
SUSE-SU-2025:01600-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_01600-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu