CVE-2025-21718

Summary

CVE-2025-21718 is a vulnerability affecting the Linux kernel's Rose timers. This issue arises due to the timers only acquiring the socket spinlock, without checking if the socket is owned by a single user thread. Consequently, timer races against user threads can occur, leading to a use-after-free vulnerability. The flaw was identified using the KASAN memory checker and was found to impact kernel version 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176. Exploitation of this vulnerability could result in a read of uninitialized memory and potential crashes or arbitrary code execution. The issue has been resolved by adding a check and rearming the timers as needed.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.