#VU105081 Race condition in Linux kernel - CVE-2025-21719

Cybersecurity Help s.r.o.

Published: 2025-02-27

Vulnerability identifier: #VU105081

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21719

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the list_for_each_entry() function in net/ipv4/ipmr_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/15a901361ec3fb1c393f91880e1cbf24ec0a88bd
https://git.kernel.org/stable/c/26bb7d991f04eeef47dfad23e533834995c26f7a
https://git.kernel.org/stable/c/57177c5f47a8da852f8d76cf6945cf803f8bb9e5
https://git.kernel.org/stable/c/a099834a51ccf9bbba3de86a251b3433539abfde
https://git.kernel.org/stable/c/b379b3162ff55a70464c6a934ae9bf0497478a62

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Dell APEX Cloud Platform for Red Hat OpenShift update for third-party components

openEuler 24.03 LTS SP1 update for kernel

openEuler 24.03 LTS update for kernel

SUSE update for the Linux Kernel

openEuler 22.03 LTS SP4 update for kernel

openEuler 22.03 LTS SP3 update for kernel

SUSE update for the Linux Kernel

Race condition in Linux kernel ipv4