cve/rejected/2025/CVE-2025-21755.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Orphan socket after transport release\n\nDuring socket release, sock_orphan() is called without considering that it\nsets sk->sk_wq to NULL. Later, if SO_LINGER is enabled, this leads to a\nnull pointer dereferenced in virtio_transport_wait_close().\n\nOrphan the socket only after transport release.\n\nPartially reverts the 'Fixes:' commit.\n\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n lock_acquire+0x19e/0x500\n _raw_spin_lock_irqsave+0x47/0x70\n add_wait_queue+0x46/0x230\n virtio_transport_release+0x4e7/0x7f0\n __vsock_release+0xfd/0x490\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x35e/0xa90\n __x64_sys_close+0x78/0xd0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e"
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "net/vmw_vsock/af_vsock.c"
                ],
                "versions": [
                   {
                      "version": "e7754d564579a5db9c5c9f74228df5d6dd6f1173",
                      "lessThan": "c6acb650a73d5705a93b9c5a2cd5e9c8161f0be3",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "e48fcb403c2d0e574c19683f09399ab4cf67809c",
                      "lessThan": "bab61f41c942a20ef7b4feea50e9d36d19ad1a26",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "42b33381e5e1f2b967dc4fb4221ddb9aaf10d197",
                      "lessThan": "631e00fdac7acca676103d6cbc96eb152625f449",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "3f43540166128951cc1be7ab1ce6b7f05c670d8b",
                      "lessThan": "f3b8e9d3414b2eb083d8293be25a949fe480897b",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "645ce25aa0e67895b11d89f27bb86c9d444c40f8",
                      "lessThan": "3a866f8376f0a5c848dcb59cd26df845fffbe6d8",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "b1afd40321f1c243cffbcf40ea7ca41aca87fa5e",
                      "lessThan": "94d81870eec7ad2dd7af80bffd314ded26caea1a",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "fcdd2242c0231032fc84e1404315c245ae56322a",
                      "lessThan": "78dafe1cf3afa02ed71084b350713b07e72a18fb",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "net/vmw_vsock/af_vsock.c"
                ],
                "versions": [
                   {
                      "version": "6.14-rc1",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "6.14-rc1",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.14-rc3",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/c6acb650a73d5705a93b9c5a2cd5e9c8161f0be3"
             },
             {
                "url": "https://git.kernel.org/stable/c/bab61f41c942a20ef7b4feea50e9d36d19ad1a26"
             },
             {
                "url": "https://git.kernel.org/stable/c/631e00fdac7acca676103d6cbc96eb152625f449"
             },
             {
                "url": "https://git.kernel.org/stable/c/f3b8e9d3414b2eb083d8293be25a949fe480897b"
             },
             {
                "url": "https://git.kernel.org/stable/c/3a866f8376f0a5c848dcb59cd26df845fffbe6d8"
             },
             {
                "url": "https://git.kernel.org/stable/c/94d81870eec7ad2dd7af80bffd314ded26caea1a"
             },
             {
                "url": "https://git.kernel.org/stable/c/78dafe1cf3afa02ed71084b350713b07e72a18fb"
             }
          ],
          "title": "vsock: Orphan socket after transport release",
          "x_generator": {
             "engine": "bippy-5f407fcff5a0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2025-21755",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Orphan socket after transport release\n\nDuring socket release, sock_orphan() is called without considering that it\nsets sk->sk_wq to NULL. Later, if SO_LINGER is enabled, this leads to a\nnull pointer dereferenced in virtio_transport_wait_close().\n\nOrphan the socket only after transport release.\n\nPartially reverts the 'Fixes:' commit.\n\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n lock_acquire+0x19e/0x500\n _raw_spin_lock_irqsave+0x47/0x70\n add_wait_queue+0x46/0x230\n virtio_transport_release+0x4e7/0x7f0\n __vsock_release+0xfd/0x490\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x35e/0xa90\n __x64_sys_close+0x78/0xd0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e"
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"net/vmw_vsock/af_vsock.c"
	],
	"versions": [
	{
	"version": "e7754d564579a5db9c5c9f74228df5d6dd6f1173",
	"lessThan": "c6acb650a73d5705a93b9c5a2cd5e9c8161f0be3",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "e48fcb403c2d0e574c19683f09399ab4cf67809c",
	"lessThan": "bab61f41c942a20ef7b4feea50e9d36d19ad1a26",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "42b33381e5e1f2b967dc4fb4221ddb9aaf10d197",
	"lessThan": "631e00fdac7acca676103d6cbc96eb152625f449",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "3f43540166128951cc1be7ab1ce6b7f05c670d8b",
	"lessThan": "f3b8e9d3414b2eb083d8293be25a949fe480897b",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "645ce25aa0e67895b11d89f27bb86c9d444c40f8",
	"lessThan": "3a866f8376f0a5c848dcb59cd26df845fffbe6d8",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "b1afd40321f1c243cffbcf40ea7ca41aca87fa5e",
	"lessThan": "94d81870eec7ad2dd7af80bffd314ded26caea1a",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "fcdd2242c0231032fc84e1404315c245ae56322a",
	"lessThan": "78dafe1cf3afa02ed71084b350713b07e72a18fb",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"net/vmw_vsock/af_vsock.c"
	],
	"versions": [
	{
	"version": "6.14-rc1",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "6.14-rc1",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.14-rc3",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/c6acb650a73d5705a93b9c5a2cd5e9c8161f0be3"
	},
	{
	"url": "https://git.kernel.org/stable/c/bab61f41c942a20ef7b4feea50e9d36d19ad1a26"
	},
	{
	"url": "https://git.kernel.org/stable/c/631e00fdac7acca676103d6cbc96eb152625f449"
	},
	{
	"url": "https://git.kernel.org/stable/c/f3b8e9d3414b2eb083d8293be25a949fe480897b"
	},
	{
	"url": "https://git.kernel.org/stable/c/3a866f8376f0a5c848dcb59cd26df845fffbe6d8"
	},
	{
	"url": "https://git.kernel.org/stable/c/94d81870eec7ad2dd7af80bffd314ded26caea1a"
	},
	{
	"url": "https://git.kernel.org/stable/c/78dafe1cf3afa02ed71084b350713b07e72a18fb"
	}
	],
	"title": "vsock: Orphan socket after transport release",
	"x_generator": {
	"engine": "bippy-5f407fcff5a0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2025-21755",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}