CVE-2025-21858

Summary

CVE-2025-21858 is a use-after-free vulnerability affecting the Linux kernel's geneve driver. The issue was discovered in the function geneve_find_dev(), where a dev_net variable could differ from dev_net(dev) due to certain netlink flags being set. When the net device is dismantled and its corresponding net is freed, the geneve_dev.next pointer remains linked to the backend UDP socket netns, leading to a use-after-free condition when a new geneve device is created. To mitigate this vulnerability, it is recommended to call geneve_dellink() instead of unregister_netdevice_queue() in geneve_destroy_tunnels(). This issue was initially reported by syzkaller and was confirmed with a KASAN stack trace.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.