CVE-2025-68341

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists within the veth module when handling XDP (eXpress Data Path) with no direct return frames. Specifically, the issue arises from concurrent calls to veth pool() in threaded-NAPI mode, potentially leading to incorrect handling of BPF (Berkeley Packet Filter) net contexts stored in the current task structure. The problem stems from the nested nature of xdp clear return frame no direct() and the potential for another CPU to initiate a new NAPI instance while a previous instance is still executing. This race condition can occur when exiting NAPI and starting a new NAPI instance, both utilizing the same BPF net context.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-68341

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

USN-8152-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-68341

Related Identifiers

Affected Products

References · 661