CVE-2025-68241

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the IPv4 routing mechanism related to stale function handle exceptions (fnhe). Specifically, the rt bind exception() function can rebind to a function handle exception that is in the process of being freed, leading to a device reference count leak. This occurs due to a race condition between the deletion of an fnhe entry and its potential reuse by another process. The issue manifests as a warning in dmesg during net device unregistration, indicating a usage count that does not reach zero. The fix involves clearing the oldest->fnhe daddr field before calling fnhe flush routes(), preventing the stale fnhe from being rebound to a new destination just before it is freed. The vulnerability is present in the sit driver's packet transmission path, specifically within the sit tunnel xmit() and update or create fnhe() functions. The functions involved are mkroute output(), find exception(), rt bind exception(), fnhe remove oldest(), and fnhe flush routes().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.