PT-2025-8872 · Linux+7 · Linux Kernel+7
Eric Dumazet
·
Published
2025-02-07
·
Updated
2026-04-20
·
CVE-2025-21760
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel has been resolved. The issue is related to the ndisc send skb() function, which can be called without RTNL or RCU held, potentially leading to a use-after-free (UAF) condition. To address this, RCU protection has been extended in ndisc send skb() by acquiring rcu read lock() earlier, allowing the use of dev net rcu().
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu