CVE-2026-52925

NONE EPSS 6.0%
Published Jun 24, 2026 1w ago
Last Modified Jun 24, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

vrf: Fix a potential NPD when removing a port from a VRF

RCU readers that identified a net device as a VRF port using netif_is_l3_slave() assume that a subsequent call to netdev_master_upper_dev_get_rcu() will return a VRF device. They then continue to dereference its l3mdev operations. This assumption is not always correct and can result in a NPD [1].

There is no RCU synchronization when removing a port from a VRF, so it is possible for an RCU reader to see a new master device (e.g., a bridge) that does not have l3mdev operations.

Fix by adding RCU synchronization after clearing the IFF_L3MDEV_SLAVE flag. Skip this synchronization when a net device is removed from a VRF as part of its deletion and when the VRF device itself is deleted. In the latter case an RCU grace period will pass by the time RTNL is released.

[1]
    BUG: kernel NULL pointer dereference, address: 0000000000000000
    [...]
    RIP: 0010:l3mdev_fib_table_rcu (net/l3mdev/l3mdev.c:181)
    [...]
    Call Trace:
     <TASK>
     l3mdev_fib_table_by_index (net/l3mdev/l3mdev.c:201 net/l3mdev/l3mdev.c:189)
     __inet_bind (net/ipv4/af_inet.c:499 (discriminator 3))
     inet_bind_sk (net/ipv4/af_inet.c:469)
     __sys_bind (./include/linux/file.h:62 (discriminator 1) ./include/linux/file.h:83 (discriminator 1) net/socket.c:1951 (discriminator 1))
     __x64_sys_bind (net/socket.c:1969 (discriminator 1) net/socket.c:1967 (discriminator 1) net/socket.c:1967 (discriminator 1))
     do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))
     entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

Threat Intelligence

EPSS Exploit Probability
6.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/2674d603a9e6970463b2b9ebcf8e31e90beae169
  • git.kernel.org https://git.kernel.org/stable/c/2c022f582fd16a470df6ed9e7fb7e9fc48946d49
  • git.kernel.org https://git.kernel.org/stable/c/3db8d078f7f652379ee394132b169d304f6eb4c1
  • git.kernel.org https://git.kernel.org/stable/c/468defa0b70902a22f4478c1207624bc1b31c124
  • git.kernel.org https://git.kernel.org/stable/c/4ab6fc60ed5a0344b60711b09bff1dc238d8d6a4
  • git.kernel.org https://git.kernel.org/stable/c/8c2b792f04a3db97c9d8d2a45817e93f8884baf5
  • git.kernel.org https://git.kernel.org/stable/c/a7a97f2303e63ede105c1d55ef53dc497364e11d
  • git.kernel.org https://git.kernel.org/stable/c/d47204c127992da0c976ac9747070a575912e0fe

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.