CVE-2025-21761

Опубликовано: 27 фев. 2025

Источник: redhat

CVSS3: 7

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ovs_vport_cmd_fill_info() can be called without RTNL or RCU. Use RCU protection and dev_net_rcu() to avoid potential UAF.

Отчет

The bug could happen only if vSwitch (that is a multilayer Ethernet switch) being used. The security impact is limited, because no known way how unprivileged user can trigger it.

Меры по смягчению последствий

To mitigate this issue, prevent module openvswitch from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Affected
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel	Out of support scope
Red Hat Enterprise Linux 8	kernel-rt	Out of support scope
Red Hat Enterprise Linux 9	kernel	Will not fix
Red Hat Enterprise Linux 9	kernel-rt	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2348612kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info()

EPSS

Процентиль: 9%

0.00036

Низкий

7 High

CVSS3

Связанные уязвимости

CVE-2025-21761

CVSS3: 7.8

ubuntu

5 месяцев назад

CVE-2025-21761

CVSS3: 7.8

nvd

5 месяцев назад

CVE-2025-21761

CVSS3: 7.8

msrc

3 месяца назад

Описание отсутствует

CVE-2025-21761

CVSS3: 7.8

debian

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: o ...

GHSA-q6cq-g5qv-hwc8

CVSS3: 7.8

github

5 месяцев назад

EPSS

Процентиль: 9%

0.00036

Низкий

7 High

CVSS3