{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-21764", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.761Z", "datePublished": "2025-02-27T02:18:15.598Z", "dateUpdated": "2025-05-04T07:20:36.864Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:20:36.864Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/ndisc.c"], "versions": [{"version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "96fc896d0e5b37c12808df797397fb16f3080879", "status": "affected", "versionType": "git"}, {"version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1", "status": "affected", "versionType": "git"}, {"version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "b870256dd2a5648d5ed2f22316b3ac29a7e5ed63", "status": "affected", "versionType": "git"}, {"version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "3c2d705f5adf5d860aaef90cb4211c0fde2ba66d", "status": "affected", "versionType": "git"}, {"version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "9e0ec817eb41a55327a46cd3ce331a9868d60304", "status": "affected", "versionType": "git"}, {"version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "bbec88e4108e8d6fb468d3817fa652140a44ff28", "status": "affected", "versionType": "git"}, {"version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "cd1065f92eb7ff21b9ba5308a86f33d1670bf926", "status": "affected", "versionType": "git"}, {"version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "628e6d18930bbd21f2d4562228afe27694f66da9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/ndisc.c"], "versions": [{"version": "3.9", "status": "affected"}, {"version": "0", "lessThan": "3.9", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.291", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.235", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.179", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.129", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.79", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.16", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.4", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "5.4.291"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "5.10.235"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "5.15.179"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.1.129"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.6.79"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.12.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.13.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/96fc896d0e5b37c12808df797397fb16f3080879"}, {"url": "https://git.kernel.org/stable/c/c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1"}, {"url": "https://git.kernel.org/stable/c/b870256dd2a5648d5ed2f22316b3ac29a7e5ed63"}, {"url": "https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d"}, {"url": "https://git.kernel.org/stable/c/9e0ec817eb41a55327a46cd3ce331a9868d60304"}, {"url": "https://git.kernel.org/stable/c/bbec88e4108e8d6fb468d3817fa652140a44ff28"}, {"url": "https://git.kernel.org/stable/c/cd1065f92eb7ff21b9ba5308a86f33d1670bf926"}, {"url": "https://git.kernel.org/stable/c/628e6d18930bbd21f2d4562228afe27694f66da9"}], "title": "ndisc: use RCU protection in ndisc_alloc_skb()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-21764", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-27T17:57:20.278381Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T18:02:26.827Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-21764", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-27T17:57:20.278381Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T17:57:21.860Z"}}], "cna": {"title": "ndisc: use RCU protection in ndisc_alloc_skb()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "96fc896d0e5b37c12808df797397fb16f3080879", "versionType": "git"}, {"status": "affected", "version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1", "versionType": "git"}, {"status": "affected", "version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "b870256dd2a5648d5ed2f22316b3ac29a7e5ed63", "versionType": "git"}, {"status": "affected", "version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "3c2d705f5adf5d860aaef90cb4211c0fde2ba66d", "versionType": "git"}, {"status": "affected", "version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "9e0ec817eb41a55327a46cd3ce331a9868d60304", "versionType": "git"}, {"status": "affected", "version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "bbec88e4108e8d6fb468d3817fa652140a44ff28", "versionType": "git"}, {"status": "affected", "version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "cd1065f92eb7ff21b9ba5308a86f33d1670bf926", "versionType": "git"}, {"status": "affected", "version": "de09334b9326632bbf1a74bfd8b01866cbbf2f61", "lessThan": "628e6d18930bbd21f2d4562228afe27694f66da9", "versionType": "git"}], "programFiles": ["net/ipv6/ndisc.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.9"}, {"status": "unaffected", "version": "0", "lessThan": "3.9", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.291", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.235", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.179", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.129", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.79", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.12.16", "versionType": "semver", "lessThanOrEqual": "6.12.*"}, {"status": "unaffected", "version": "6.13.4", "versionType": "semver", "lessThanOrEqual": "6.13.*"}, {"status": "unaffected", "version": "6.14", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/ipv6/ndisc.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/96fc896d0e5b37c12808df797397fb16f3080879"}, {"url": "https://git.kernel.org/stable/c/c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1"}, {"url": "https://git.kernel.org/stable/c/b870256dd2a5648d5ed2f22316b3ac29a7e5ed63"}, {"url": "https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d"}, {"url": "https://git.kernel.org/stable/c/9e0ec817eb41a55327a46cd3ce331a9868d60304"}, {"url": "https://git.kernel.org/stable/c/bbec88e4108e8d6fb468d3817fa652140a44ff28"}, {"url": "https://git.kernel.org/stable/c/cd1065f92eb7ff21b9ba5308a86f33d1670bf926"}, {"url": "https://git.kernel.org/stable/c/628e6d18930bbd21f2d4562228afe27694f66da9"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.291", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.235", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.179", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.129", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.79", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.12.16", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.13.4", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.14", "versionStartIncluding": "3.9"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:20:36.864Z"}}}, "cveMetadata": {"cveId": "CVE-2025-21764", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:20:36.864Z", "dateReserved": "2024-12-29T08:45:45.761Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2025-02-27T02:18:15.598Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BD368ED-3AC5-40FF-A5A4-4F022A3F9DF3", "versionEndExcluding": "5.4.291", "versionStartIncluding": "3.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "545121FA-DE31-4154-9446-C2000FB4104D", "versionEndExcluding": "5.10.235", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C708062C-4E1B-465F-AE6D-C09C46400875", "versionEndExcluding": "5.15.179", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DA5009C-C9B9-4A1D-9B96-78427E8F232C", "versionEndExcluding": "6.1.129", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B16AADE5-B2FD-4C14-B4E4-85E8EDAFE775", "versionEndExcluding": "6.6.79", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13C8DB18-FC60-425F-84E5-3EDDEC61B2FC", "versionEndExcluding": "6.12.16", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A2093ED-74A9-43F9-AC72-50030F374EA4", "versionEndExcluding": "6.13.4", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ndisc: usar protecci\u00f3n RCU en ndisc_alloc_skb() ndisc_alloc_skb() se puede llamar sin que se mantenga RTNL o RCU. Agregue protecci\u00f3n RCU para evitar posibles UAF."}], "id": "CVE-2025-21764", "lastModified": "2025-03-21T15:44:00.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-02-27T03:15:17.063", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/628e6d18930bbd21f2d4562228afe27694f66da9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/96fc896d0e5b37c12808df797397fb16f3080879"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e0ec817eb41a55327a46cd3ce331a9868d60304"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b870256dd2a5648d5ed2f22316b3ac29a7e5ed63"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bbec88e4108e8d6fb468d3817fa652140a44ff28"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c30893ef3d9cde8e7e8e4fd06b53d2c935bbccb1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cd1065f92eb7ff21b9ba5308a86f33d1670bf926"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:9079", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "kernel-0:6.12.0-55.17.1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-06-16T00:00:00Z"}, {"advisory": "RHSA-2025:9581", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.58.1.rt7.399.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9580", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.58.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9490", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "kernel-0:4.18.0-193.154.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:9497", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "kernel-0:4.18.0-305.159.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:9498", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.149.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:9498", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.149.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:9498", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.149.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:8333", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.19.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:8333", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.19.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:9494", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.134.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:9493", "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.134.1.rt21.206.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:9491", "cpe": "cpe:/a:redhat:rhel_e4s:9.2", "package": "kernel-0:5.14.0-284.121.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:9492", "cpe": "cpe:/a:redhat:rhel_e4s:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.121.1.rt14.406.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:9584", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.74.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-25T00:00:00Z"}], "bugzilla": {"description": "kernel: ndisc: use RCU protection in ndisc_alloc_skb()", "id": "2348575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348575"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nndisc: use RCU protection in ndisc_alloc_skb()\nndisc_alloc_skb() can be called without RTNL or RCU being held.\nAdd RCU protection to avoid possible UAF.", "A vulnerability was found in the Linux kernel's IPv6 Neighbor Discovery (NDISC) subsystem, which manages network neighbor information. The issue arises from improper synchronization mechanisms when allocating socket buffers (sk_buff) in the ndisc_alloc_skb() function. Specifically, the function can be called without holding the necessary Read-Copy-Update (RCU) or Routing Netlink (RTNL) locks, leading to a potential use-after-free (UAF) condition. This flaw allows an attacker with local access and low privileges to exploit the race condition, potentially causing system instability or crashes."], "name": "CVE-2025-21764", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-21764\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21764\nhttps://lore.kernel.org/linux-cve-announce/2025022605-CVE-2025-21764-1061@gregkh/T"], "statement": "Red Hat Product Security has rated this bug as Moderate due to the following:\nDifficult to exploit reliably:\n* Requires winning a race condition in the kernel.\n* No known public PoC or exploitation.\n* Might be nondeterministic and hard to control memory reuse.\nMay not lead to code execution:\n* Use After Free doesn\u2019t automatically mean control.\n* Many kernel UAFs cause crashes but not privilege escalation or info leaks unless paired with other bugs.\nLimited exposure:\n* Requires IPv6 to be enabled.\n* Possibly depends on attacker having raw socket access or other local privileges.\n* Mitigations Like KASLR, SLAB hardening, and SELinux may further reduce practical risk.", "threat_severity": "Moderate"}