CVE-2025-21891

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21891
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21891.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21891
Downstream
Related
Published
2025-03-27T15:15:57Z
Modified
2025-08-09T20:01:26Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ipvlan: ensure network headers are in skb linear part

syzbot found that ipvlanprocessv6_outbound() was assuming the IPv6 network header isis present in skb->head [1]

Add the needed pskbnetworkmay_pull() calls for both IPv4 and IPv6 handlers.

[1] BUG: KMSAN: uninit-value in _ipv6addrtype+0xa2/0x490 net/ipv6/addrconfcore.c:47 _ipv6addrtype+0xa2/0x490 net/ipv6/addrconfcore.c:47 ipv6addrtype include/net/ipv6.h:555 [inline] ip6routeoutputflagsnoref net/ipv6/route.c:2616 [inline] ip6routeoutputflags+0x51/0x720 net/ipv6/route.c:2651 ip6routeoutput include/net/ip6route.h:93 [inline] ipvlanroutev6outbound+0x24e/0x520 drivers/net/ipvlan/ipvlancore.c:476 ipvlanprocessv6outbound drivers/net/ipvlan/ipvlancore.c:491 [inline] ipvlanprocessoutbound drivers/net/ipvlan/ipvlancore.c:541 [inline] ipvlanxmitmodel3 drivers/net/ipvlan/ipvlancore.c:605 [inline] ipvlanqueuexmit+0xd72/0x1780 drivers/net/ipvlan/ipvlancore.c:671 ipvlanstartxmit+0x5b/0x210 drivers/net/ipvlan/ipvlanmain.c:223 _netdevstartxmit include/linux/netdevice.h:5150 [inline] netdevstartxmit include/linux/netdevice.h:5159 [inline] xmitone net/core/dev.c:3735 [inline] devhardstartxmit+0x247/0xa20 net/core/dev.c:3751 schdirectxmit+0x399/0xd40 net/sched/schgeneric.c:343 qdiscrestart net/sched/schgeneric.c:408 [inline] _qdiscrun+0x14da/0x35d0 net/sched/schgeneric.c:416 qdiscrun+0x141/0x4d0 include/net/pktsched.h:127 nettxaction+0x78b/0x940 net/core/dev.c:5484 handlesoftirqs+0x1a0/0x7c0 kernel/softirq.c:561 _dosoftirq+0x14/0x1a kernel/softirq.c:595 dosoftirq+0x9a/0x100 kernel/softirq.c:462 _localbhenableip+0x9f/0xb0 kernel/softirq.c:389 localbhenable include/linux/bottomhalf.h:33 [inline] rcureadunlockbh include/linux/rcupdate.h:919 [inline] _devqueuexmit+0x2758/0x57d0 net/core/dev.c:4611 devqueuexmit include/linux/netdevice.h:3311 [inline] packetxmit+0x9c/0x6c0 net/packet/afpacket.c:276 packetsnd net/packet/afpacket.c:3132 [inline] packetsendmsg+0x93e0/0xa7e0 net/packet/afpacket.c:3164 socksendmsg_nosec net/socket.c:718 [inline]

References

Affected packages