PT-2026-2545 · Linux+2 · Linux Kernel+2
Published: 2026-01-13 · Updated: 2026-06-16
CVE-2025-68813
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.114
Description
The Linux kernel contains a flaw in the IPv4 code path of the __ip_vs_get_out_rt() function. This function can call dst_link_failure() without verifying that skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_dst() when attempting to send ICMP destination unreachable messages. The issue arises when IPVS processes a packet in NAT mode with a misconfigured destination: the route lookup fails and the error path is triggered. fib_compute_spec_dst() then accesses skb->dev directly, which is NULL in certain scenarios, and the kernel crashes. The root cause is related to changes introduced in a previous commit and an incomplete fix attempt.
Recommendations
Update to Linux kernel version 6.6.114 or later.
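A triage sketch for the conditions described above, added here as an example and not taken from the advisory or the kernel project: it compares the running kernel release against the 6.6.114 threshold stated on this page and lists IPVS real servers configured in NAT (Masq) mode from /proc/net/ip_vs. The function names, status labels and the sample table are constructed for illustration; it assumes an upstream-style release string, so distribution kernels that backport fixes should be checked against the vendor advisory instead.

```python
import os
import platform
import re

FIXED = (6, 6, 114)  # threshold taken from the advisory text

# Constructed sample in the /proc/net/ip_vs layout (addresses are hex).
SAMPLE_TABLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP  C0A80001:0050 rr
  -> C0A80102:0050      Masq    1      0          0
  -> C0A80103:0050      Route   1      0          0
"""

def kernel_version(release):
    """'6.6.87-generic' -> (6, 6, 87); a missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def nat_destinations(table):
    """Return (service, real server) pairs that forward in NAT (Masq) mode."""
    pairs, service = [], None
    for line in table.splitlines():
        f = line.split()
        if len(f) >= 2 and f[0] in ("TCP", "UDP", "SCTP", "FWM"):
            service = f"{f[0]} {f[1]}"
        elif len(f) >= 3 and f[0] == "->" and f[2] == "Masq":
            pairs.append((service, f[1]))
    return pairs

def triage(release, table):
    """Classify a host from its kernel release string and IPVS table text."""
    nat = nat_destinations(table)
    if kernel_version(release) >= FIXED:
        return "at-or-above-threshold", nat
    return ("exposed" if nat else "below-threshold-no-nat"), nat

if __name__ == "__main__":
    path = "/proc/net/ip_vs"  # present only when the ip_vs module is loaded
    table = open(path).read() if os.path.exists(path) else ""
    status, nat = triage(platform.release(), table)
    print(status)
    for service, real in nat:
        print(f"  NAT destination {real} behind {service}")
```

A host reported as "exposed" runs a kernel below the page's threshold and has at least one NAT-mode destination, which is the configuration the description ties the crash to.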
Exploit
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu