CVE-2025-68188

Опубликовано: 16 дек. 2025

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Use RCU to avoid a pair of atomic operations and a potential UAF on dst_dev()->flags.

A potential use-after-free was found in the TCP Fast Open implementation in the Linux kernel. The tcp_fastopen_active_disable_ofo_check() function accesses dst_dev()->flags without proper RCU protection, which could lead to accessing a freed network device structure.

Отчет

This is a correctness fix to use proper RCU primitives. The race window is narrow and triggering it requires specific network conditions during TCP Fast Open operations.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Fix deferred
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Fix deferred
Red Hat Enterprise Linux 7	kernel-rt	Fix deferred
Red Hat Enterprise Linux 8	kernel	Fix deferred
Red Hat Enterprise Linux 8	kernel-rt	Fix deferred
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-821

https://bugzilla.redhat.com/show_bug.cgi?id=2422738kernel: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()

EPSS

Процентиль: 7%

0.00025

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-68188

ubuntu

3 месяца назад

CVE-2025-68188

nvd

3 месяца назад

CVE-2025-68188

msrc

3 месяца назад

tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()

CVE-2025-68188

debian

3 месяца назад

In the Linux kernel, the following vulnerability has been resolved: t ...

GHSA-3mc8-x7c9-wfw9

github

3 месяца назад

EPSS

Процентиль: 7%

0.00025

Низкий

5.5 Medium

CVSS3