PT-2025-4323 · Linux+3 · Linux Kernel+3

Syzbot

Published

2025-01-09

Updated

2025-10-03

CVE-2025-21642

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description The issue is related to the use of the 'net' structure via 'current' in the Linux kernel, which is not recommended due to inconsistencies with how generic sysctl entries are handled and potential null pointer dereferences when accessing current->nsproxy->netns. This can lead to general protection faults, as observed by syzbot when using acct(2). The vulnerability is resolved by avoiding the use of current->nsproxy in the mptcp sysctl sched.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider restricting access to the vulnerable sysctl entries until a patch is available.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2025-12647

BDU:2025-15319

CVE-2025-21642

MGASA-2025-0030

MGASA-2025-0032

OESA-2025-1320

OESA-2025-1321

USN-7379-1

USN-7379-2

USN-7380-1

USN-7381-1

USN-7382-1

USN-7513-1

USN-7513-2

USN-7513-3

USN-7513-4

USN-7513-5

USN-7514-1

USN-7515-1

USN-7515-2

USN-7522-1

USN-7523-1

USN-7524-1

Affected Products

Alt Linux

Linuxmint

Linux Kernel

Ubuntu

PT-2025-4323 · Linux+3 · Linux Kernel+3

CVE-2025-21642

Weakness Enumeration

Related Identifiers

Affected Products

References · 872