CVE-2025-21636

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description The issue concerns the use of the current->nsproxy in the Linux kernel, specifically in the sctp module. This usage is not recommended due to inconsistency and potential null pointer dereferences. The net structure can be obtained from table->data using container of(). This problem can lead to an 'Oops' (null-ptr-deref) in certain cases, such as when the current task is exiting.

Recommendations For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider modifying the code to use table->data directly instead of current->nsproxy to avoid potential null pointer dereferences. Restrict access to the vulnerable sctp module to minimize the risk of exploitation until the update can be applied.