CVE-2025-21925

MEDIUM EPSS 8.3%
Published Apr 1, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 1, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: llc: do not use skb_get() before dev_queue_xmit() syzbot is able to crash hosts [1], using llc and devices not supporting IFF_TX_SKB_SHARING. In this case, e1000 driver calls eth_skb_pad(), while the skb is shared. Simply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c Note that e1000 driver might have an issue with pktgen, because it does not clear IFF_TX_SKB_SHARING, this is an orthogonal change. We need to audit other skb_get() uses in net/llc. [1] kernel BUG at net/core/skbuff.c:2178 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178 Call Trace: <TASK> __skb_pad+0x18a/0x610 net/core/skbuff.c:2466 __skb_put_padto include/linux/skbuff.h:3843 [inline] skb_put_padto include/linux/skbuff.h:3862 [inline] eth_skb_pad include/linux/etherdevice.h:656 [inline] e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128 __netdev_start_xmit include/linux/netdevice.h:5151 [inline] netdev_start_xmit include/linux/netdevice.h:5160 [inline] xmit_one net/core/dev.c:3806 [inline] dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822 sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343 __dev_xmit_skb net/core/dev.c:4045 [inline] __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621 dev_queue_xmit include/linux/netdevice.h:3313 [inline] llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144 llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline] llc_sap_next_state net/llc/llc_sap.c:182 [inline] llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209 llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993 sock_sendmsg_nosec net/socket.c:718 [inline]

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
8.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 17

VendorProductVersionRange
linuxlinux_kernel*≥2.6.13  –  <5.4.291
linuxlinux_kernel*≥5.5  –  <5.10.235
linuxlinux_kernel*≥5.11  –  <5.15.179
linuxlinux_kernel*≥5.16  –  <6.1.131
linuxlinux_kernel*≥6.2  –  <6.6.83
linuxlinux_kernel*≥6.7  –  <6.12.19
linuxlinux_kernel*≥6.13  –  <6.13.7
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/056e8a46d79e22983bae4267e0d9c52927076f46
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0f764208dc24ea043c3e20194d32aebf94f8459c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/13f3f872627f0f27c31245524fc11367756240ad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/17f86e25431ebc15aa9245ff156414fdad47822d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/416e8b4c20c6398044e93008deefd563289f477d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/64e6a754d33d31aa844b3ee66fb93ac84ca1565e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b6f083db141ece0024be01526aa05aa978811cb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd1c44327bbbd50fc24f2b38892f5f328b784d0f
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/056e8a46d79e22983bae4267e0d9c52927076f46
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0f764208dc24ea043c3e20194d32aebf94f8459c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/13f3f872627f0f27c31245524fc11367756240ad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/17f86e25431ebc15aa9245ff156414fdad47822d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/416e8b4c20c6398044e93008deefd563289f477d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/64e6a754d33d31aa844b3ee66fb93ac84ca1565e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b6f083db141ece0024be01526aa05aa978811cb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd1c44327bbbd50fc24f2b38892f5f328b784d0f
    Patch