cve/published/2025/CVE-2025-21762.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-21762: arp: use RCU protection in arp_xmit()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 arp: use RCU protection in arp_xmit()

 arp_xmit() can be called without RTNL or RCU protection.

 Use RCU protection to avoid potential UAF.

 The Linux kernel CVE team has assigned CVE-2025-21762 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 5.4.291 with commit 10f555e3f573d004ae9d89b3276abb58c4ede5c3
 	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 5.10.235 with commit 307cd1e2d3cb1cbc6c40c679cada6d7168b18431
 	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 5.15.179 with commit d9366ac2f956a1948b68c0500f84a3462ff2ed8a
 	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 6.1.129 with commit f189654459423d4d48bef2d120b4bfba559e6039
 	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 6.6.79 with commit e9f4dee534eb1b225b0a120395ad9bc2afe164d3
 	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 6.12.16 with commit 01d1b5c9abcaff29a43f1d17a19c33eec92c7dbe
 	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 6.13.4 with commit 2c331718d3389b6c5f6855078ab7171849e016bd
 	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 6.14 with commit a42b69f692165ec39db42d595f4f65a4c8f42e44

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-21762
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/ipv4/arp.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/10f555e3f573d004ae9d89b3276abb58c4ede5c3
 	https://git.kernel.org/stable/c/307cd1e2d3cb1cbc6c40c679cada6d7168b18431
 	https://git.kernel.org/stable/c/d9366ac2f956a1948b68c0500f84a3462ff2ed8a
 	https://git.kernel.org/stable/c/f189654459423d4d48bef2d120b4bfba559e6039
 	https://git.kernel.org/stable/c/e9f4dee534eb1b225b0a120395ad9bc2afe164d3
 	https://git.kernel.org/stable/c/01d1b5c9abcaff29a43f1d17a19c33eec92c7dbe
 	https://git.kernel.org/stable/c/2c331718d3389b6c5f6855078ab7171849e016bd
 	https://git.kernel.org/stable/c/a42b69f692165ec39db42d595f4f65a4c8f42e44
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-21762: arp: use RCU protection in arp_xmit()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	arp: use RCU protection in arp_xmit()

	arp_xmit() can be called without RTNL or RCU protection.

	Use RCU protection to avoid potential UAF.

	The Linux kernel CVE team has assigned CVE-2025-21762 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 5.4.291 with commit 10f555e3f573d004ae9d89b3276abb58c4ede5c3
	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 5.10.235 with commit 307cd1e2d3cb1cbc6c40c679cada6d7168b18431
	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 5.15.179 with commit d9366ac2f956a1948b68c0500f84a3462ff2ed8a
	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 6.1.129 with commit f189654459423d4d48bef2d120b4bfba559e6039
	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 6.6.79 with commit e9f4dee534eb1b225b0a120395ad9bc2afe164d3
	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 6.12.16 with commit 01d1b5c9abcaff29a43f1d17a19c33eec92c7dbe
	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 6.13.4 with commit 2c331718d3389b6c5f6855078ab7171849e016bd
	Issue introduced in 4.4 with commit 29a26a56803855a79dbd028cd61abee56237d6e5 and fixed in 6.14 with commit a42b69f692165ec39db42d595f4f65a4c8f42e44

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-21762
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/ipv4/arp.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/10f555e3f573d004ae9d89b3276abb58c4ede5c3
	https://git.kernel.org/stable/c/307cd1e2d3cb1cbc6c40c679cada6d7168b18431
	https://git.kernel.org/stable/c/d9366ac2f956a1948b68c0500f84a3462ff2ed8a
	https://git.kernel.org/stable/c/f189654459423d4d48bef2d120b4bfba559e6039
	https://git.kernel.org/stable/c/e9f4dee534eb1b225b0a120395ad9bc2afe164d3
	https://git.kernel.org/stable/c/01d1b5c9abcaff29a43f1d17a19c33eec92c7dbe
	https://git.kernel.org/stable/c/2c331718d3389b6c5f6855078ab7171849e016bd
	https://git.kernel.org/stable/c/a42b69f692165ec39db42d595f4f65a4c8f42e44