SB20250422165 - Resource management error in Linux kernel ipv6 netfilter

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2025-22021)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nf_sk_lookup_slow_v6() function in net/ipv6/netfilter/nf_socket_ipv6.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/1ca2169cc19dca893c7aae6af122852097435d16
• https://git.kernel.org/stable/c/1ec43100f7123010730b7ddfc3d5c2eac19e70e7
• https://git.kernel.org/stable/c/221c27259324ec1404f028d4f5a0f2ae7f63ee23
• https://git.kernel.org/stable/c/2bb139e483f8cbe488d19d8c1135ac3615e2668c
• https://git.kernel.org/stable/c/41904cbb343d115931d6bf79aa2c815cac4ef72b
• https://git.kernel.org/stable/c/5251041573850e5020cd447374e23010be698898
• https://git.kernel.org/stable/c/58ab63d3ded2ca6141357a2b24eee8453d0f871d
• https://git.kernel.org/stable/c/6488b96a79a26e19100ad872622f04e93b638d7f
• https://git.kernel.org/stable/c/932b32ffd7604fb00b5c57e239a3cc4d901ccf6e
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.236
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.180
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.292
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.133
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.22
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.1
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.86