PT-2025-8902 · Linux+10 · Linux Kernel+10

Syzbot

·

Published

2025-02-10

·

Updated

2026-04-20

·

CVE-2025-21790

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-rc1-syzkaller-00276-g69b54314c975
Description A vulnerability in the Linux kernel has been identified, where the vxlan init() function fails to check the return value of vxlan vnigroup init(), potentially leading to a crash. This issue was spotted by syzbot and is characterized by a general protection fault, likely due to a non-canonical address. The vulnerability is related to a null pointer dereference in the vxlan vnigroup uninit() function.
Recommendations For Linux kernel versions prior to 6.14.0-rc1-syzkaller-00276-g69b54314c975, consider updating to a newer version that includes the fix for this issue. As a temporary workaround, disabling the vxlan vnigroup uninit() function may help prevent the crash, but this is not a recommended long-term solution.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025:20095
ALSA-2025:20518
ALT-PU-2025-12647
AZL-57962
BDU:2025-12195
CVE-2025-21790
DLA-4102-1
INFSA-2025_20518
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_0847-1
OPENSUSE-SU-2025_0856-1
OPENSUSE-SU-2025_0955-1
RHSA-2025:20095
RHSA-2025:20518
RHSA-2025_20518
SUSE-SU-2025:01919-1
SUSE-SU-2025:0847-1
SUSE-SU-2025:0856-1
SUSE-SU-2025:0955-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_0847-1
SUSE-SU-2025_0856-1
SUSE-SU-2025_0955-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7703-1
USN-7703-2
USN-7703-3
USN-7703-4
USN-7719-1
USN-7737-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu