#VU105035 Input validation error in Linux kernel - CVE-2025-21787

Cybersecurity Help s.r.o.

Published: 2025-02-27 | Updated: 2025-05-11

Vulnerability identifier: #VU105035

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21787

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the team_nl_options_set_doit() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.6, 6.6 rc1, 6.6 rc2, 6.6 rc3, 6.6 rc4, 6.6 rc5, 6.6 rc6, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 6.6.13, 6.6.14, 6.6.15, 6.6.16, 6.6.17, 6.6.18, 6.6.19, 6.6.20, 6.6.21, 6.6.22, 6.6.23, 6.6.24, 6.6.25, 6.6.26, 6.6.27, 6.6.28, 6.6.29, 6.6.30, 6.6.31, 6.6.32, 6.6.33, 6.6.34, 6.6.35, 6.6.36, 6.6.37, 6.6.38, 6.6.39, 6.6.40, 6.6.41, 6.6.42, 6.6.43, 6.6.44, 6.6.45, 6.6.46, 6.6.47, 6.6.48, 6.6.49, 6.6.50, 6.6.51, 6.6.52, 6.6.53, 6.6.54, 6.6.55, 6.6.56, 6.6.57, 6.6.58, 6.6.59, 6.6.60, 6.6.61, 6.6.62, 6.6.63, 6.6.64, 6.6.65, 6.6.66, 6.6.67, 6.6.68, 6.6.69, 6.6.70, 6.6.71, 6.6.72, 6.6.73, 6.6.74, 6.6.75, 6.6.76, 6.6.77, 6.6.78

External links
https://git.kernel.org/stable/c/4236bf4716589558cc0f3c3612642b2c2141b04e
https://git.kernel.org/stable/c/4512482e4805dd30bc77dec511f2a2edba5cb868
https://git.kernel.org/stable/c/5bef3ac184b5626ea62385d6b82a1992b89d7940
https://git.kernel.org/stable/c/8401cade1918281177974b32c925afdce750d292
https://git.kernel.org/stable/c/d071a91fa614ecdf760c29f61f6a7bfb7df796d6
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.79

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-aws-5.15

Ubuntu update for linux-aws

Ubuntu update for linux-aws-5.4

Ubuntu update for linux-aws-fips

Ubuntu update for linux

Ubuntu update for linux-raspi-5.4

Ubuntu update for linux-raspi

Ubuntu update for linux-lowlatency

Ubuntu update for linux-aws

Ubuntu update for linux-aws-fips