CVE-2025-21759

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 27, 2025

CWE ID 416

Summary

CVE-2025-21759 is a vulnerability affecting the Linux kernel's ipv6 subsystem. The issue lies in the function igmp6_send(), which can be called without the necessary RTNL or RCU (Read-Copy-Update) locks held. This lack of protection can lead to a use-after-free (UAF) vulnerability. To mitigate the risk, RCU protection has been extended in igmp6_send(), and the function now uses alloc_skb() instead of sock_alloc_send_skb() to allocate send sockets under RCU protection. The change eliminates the need for the potentially sleep-prone GFP_KERNEL allocations used by ipv6.igmp_sk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3xnlAy
https://www.cve.org/CVERecord?id=CVE-2025-21759
https://nvd.nist.gov/vuln/detail/CVE-2025-21759

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners