CVE-2025-21763

HIGH EPSS 13.5%
Published Feb 27, 2025 · Modified Jun 17, 2026
7.8 CVSS 3.1
High

Description

In the Linux kernel, the following vulnerability has been resolved:

neighbour: use RCU protection in __neigh_notify()

__neigh_notify() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF.

CVSS Details

Base Score 7.8
Exploitability 1.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
13.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 9

Vendor  Product        Version  Range
linux   linux_kernel   *        ≥2.6.25 – <5.4.291
linux   linux_kernel   *        ≥5.5 – <5.10.235
linux   linux_kernel   *        ≥5.11 – <5.15.179
linux   linux_kernel   *        ≥5.16 – <6.1.129
linux   linux_kernel   *        ≥6.2 – <6.6.79
linux   linux_kernel   *        ≥6.7 – <6.12.16
linux   linux_kernel   *        ≥6.13 – <6.13.4
linux   linux_kernel   6.14     any
linux   linux_kernel   6.14     any

References 11

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • git.kernel.org https://git.kernel.org/stable/c/1cbb2aa90cd3fba15ad7efb5cdda28f3d1082379
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/40d8f2f2a373b6c294ffac394d2bb814b572ead1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/559307d25235e24b5424778c7332451b6c741159
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/784eb2376270e086f7db136d154b8404edacf97b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8666e9aab801328c1408a19fbf4070609dc0695a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/becbd5850c03ed33b232083dd66c6e38c0c0e569
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cdd5c2a12ddad8a77ce1838ff9f29aa587de82df
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1aed6be381bcd7f46d4ca9d7ef0f5f3d6a1be32
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1cbb2aa90cd3fba15ad7efb5cdda28f3d1082379
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/40d8f2f2a373b6c294ffac394d2bb814b572ead1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/559307d25235e24b5424778c7332451b6c741159
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/784eb2376270e086f7db136d154b8404edacf97b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8666e9aab801328c1408a19fbf4070609dc0695a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/becbd5850c03ed33b232083dd66c6e38c0c0e569
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cdd5c2a12ddad8a77ce1838ff9f29aa587de82df
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1aed6be381bcd7f46d4ca9d7ef0f5f3d6a1be32
    Patch