PT-2025-9014 · Linux+6 · Linux Kernel+6
Published
2025-01-22
·
Updated
2026-04-20
·
CVE-2025-21823
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel's batman-adv module has been resolved. The issue was related to the ELP metric worker, which calculates new metric values for all neighbors "reachable" over an interface. The problem arose because some metric sources required locks that might need to sleep, which is incompatible with the RCU list iterator used for the recorded neighbors. This could lead to potential invalid memory accesses. The vulnerability was resolved by getting rid of the per interface neighbor metric worker and handling everything in the interface worker.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu