CVE-2025-21678

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.15.177, 6.1.127, 6.6.74, and 6.12.11

Description The issue is related to the gtp newlink() function in the Linux kernel's drivers/net/gtp.c module. It incorrectly links a device to a list in dev net(dev) instead of src net, where a UDP tunnel socket is created. This can cause the device to remain active even after src net is removed, leading to a potential denial-of-service condition. The vulnerability can be exploited by creating a GTP device in one network namespace and a UDP socket in another, then removing the first namespace.

Recommendations To resolve the issue, update the Linux kernel to version 5.15.177, 6.1.127, 6.6.74, or 6.12.11, or later. As a temporary workaround, consider restricting the creation of GTP devices and UDP sockets to the same network namespace to minimize the risk of exploitation. Additionally, be cautious when using the ip netns command to manage network namespaces, as removing a namespace can trigger the vulnerability.