CVE-2025-21891
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2025-21891: A vulnerability was identified in the Linux kernel's ipvlan module, specifically in ipvlan_process_v6_outbound(). The code assumed that IPv6 network headers were present in skb->head. This oversight led to a use-after-free condition, potentially resulting in kernel memory corruption. The vulnerability was discovered in net/ipv6/addrconf_core.c and affected multiple functions, including ipv6_addr_type, ipvlan_route_v6_outbound, and ipvlan_process_outbound. Exploitation of this issue could lead to a denial of service or potentially more serious consequences. To mitigate this, the necessary pskb_network_may_pull() calls were added for both the IPv4 and IPv6 handlers.
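The check-before-read pattern behind the fix, as an added user-space model (not the kernel patch and not code from this page): `struct toy_skb` and the `toy_*` functions are hypothetical stand-ins for an skb with a short linear area and for the idea of pskb_network_may_pull(), which makes sure the header bytes are in the linear area before a handler reads them.

```c
#include <stdio.h>
#include <string.h>

#define IPV6_HDR_LEN 40   /* fixed IPv6 header size */
#define IPV6_DADDR_OFF 24 /* destination address offset in that header */

/* Constructed model: a linear area plus one non-linear fragment. */
struct toy_skb {
    unsigned char linear[128]; /* stands in for the skb->head data */
    size_t linear_len;         /* valid bytes in linear[] */
    const unsigned char *frag; /* data not yet in the linear area */
    size_t frag_len;
};

/* Make the first `need` bytes linear; return 0 if the packet is too short. */
static int toy_may_pull(struct toy_skb *skb, size_t need)
{
    if (need <= skb->linear_len)
        return 1;
    size_t missing = need - skb->linear_len;
    if (missing > skb->frag_len || need > sizeof(skb->linear))
        return 0;
    memcpy(skb->linear + skb->linear_len, skb->frag, missing);
    skb->linear_len += missing;
    skb->frag += missing;
    skb->frag_len -= missing;
    return 1;
}

/* Handler that checks before reading the header; -1 means drop. */
static int toy_v6_daddr(struct toy_skb *skb, unsigned char daddr[16])
{
    if (!toy_may_pull(skb, IPV6_HDR_LEN))
        return -1;
    memcpy(daddr, skb->linear + IPV6_DADDR_OFF, 16);
    return 0;
}

/* Build a constructed packet: `lin` linear bytes out of `total` (<= 64). */
static int toy_demo(size_t lin, size_t total, unsigned char daddr[16])
{
    static unsigned char pkt[64];
    struct toy_skb skb = { .linear_len = lin, .frag = pkt + lin, .frag_len = total - lin };
    for (size_t i = 0; i < sizeof(pkt); i++)
        pkt[i] = (unsigned char)i;
    memcpy(skb.linear, pkt, lin);
    return toy_v6_daddr(&skb, daddr);
}

int main(void) { unsigned char d[16]; printf("%d %d\n", toy_demo(8, 60, d), toy_demo(8, 30, d)); return 0; }
```

A packet with only 8 linear bytes is handled safely in both cases: the header is pulled into the linear area when the remaining data covers it, and the packet is dropped when it does not.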