DEBIAN-CVE-2025-21891

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2025-21891

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-21891.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-21891

Upstream

CVE-2025-21891

Published

2025-03-27T15:15:57Z

Modified

2025-09-19T07:34:25.804717Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlanprocessv6outbound() was assuming the IPv6 network header isis present in skb->head [1] Add the needed pskbnetworkmaypull() calls for both IPv4 and IPv6 handlers. [1] BUG: KMSAN: uninit-value in _ipv6addrtype+0xa2/0x490 net/ipv6/addrconfcore.c:47 _ipv6addrtype+0xa2/0x490 net/ipv6/addrconfcore.c:47 ipv6addrtype include/net/ipv6.h:555 [inline] ip6routeoutputflagsnoref net/ipv6/route.c:2616 [inline] ip6routeoutputflags+0x51/0x720 net/ipv6/route.c:2651 ip6routeoutput include/net/ip6route.h:93 [inline] ipvlanroutev6outbound+0x24e/0x520 drivers/net/ipvlan/ipvlancore.c:476 ipvlanprocessv6outbound drivers/net/ipvlan/ipvlancore.c:491 [inline] ipvlanprocessoutbound drivers/net/ipvlan/ipvlancore.c:541 [inline] ipvlanxmitmodel3 drivers/net/ipvlan/ipvlancore.c:605 [inline] ipvlanqueuexmit+0xd72/0x1780 drivers/net/ipvlan/ipvlancore.c:671 ipvlanstartxmit+0x5b/0x210 drivers/net/ipvlan/ipvlanmain.c:223 _netdevstartxmit include/linux/netdevice.h:5150 [inline] netdevstartxmit include/linux/netdevice.h:5159 [inline] xmitone net/core/dev.c:3735 [inline] devhardstartxmit+0x247/0xa20 net/core/dev.c:3751 schdirectxmit+0x399/0xd40 net/sched/schgeneric.c:343 qdiscrestart net/sched/schgeneric.c:408 [inline] _qdiscrun+0x14da/0x35d0 net/sched/schgeneric.c:416 qdiscrun+0x141/0x4d0 include/net/pktsched.h:127 nettxaction+0x78b/0x940 net/core/dev.c:5484 handlesoftirqs+0x1a0/0x7c0 kernel/softirq.c:561 _dosoftirq+0x14/0x1a kernel/softirq.c:595 dosoftirq+0x9a/0x100 kernel/softirq.c:462 _localbhenableip+0x9f/0xb0 kernel/softirq.c:389 localbhenable include/linux/bottomhalf.h:33 [inline] rcureadunlockbh include/linux/rcupdate.h:919 [inline] _devqueuexmit+0x2758/0x57d0 net/core/dev.c:4611 devqueuexmit include/linux/netdevice.h:3311 [inline] packetxmit+0x9c/0x6c0 net/packet/afpacket.c:276 packetsnd net/packet/afpacket.c:3132 [inline] packetsendmsg+0x93e0/0xa7e0 net/packet/afpacket.c:3164 socksendmsg_nosec net/socket.c:718 [inline]

References

https://security-tracker.debian.org/tracker/CVE-2025-21891

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.133-1

Affected versions

6.*

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

6.1.52-1

6.1.55-1~bpo11+1

6.1.55-1

6.1.64-1

6.1.66-1

6.1.67-1

6.1.69-1~bpo11+1

6.1.69-1

6.1.76-1~bpo11+1

6.1.76-1

6.1.82-1

6.1.85-1

6.1.90-1~bpo11+1

6.1.90-1

6.1.94-1~bpo11+1

6.1.94-1

6.1.98-1

6.1.99-1

6.1.106-1

6.1.106-2

6.1.106-3

6.1.112-1

6.1.115-1

6.1.119-1

6.1.123-1

6.1.124-1

6.1.128-1

6.1.129-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.19-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.19-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / linux-6.1

Package

Name: linux-6.1
Purl: pkg:deb/debian/linux-6.1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.137-1~deb11u1

Affected versions

6.*

6.1.106-3~deb11u1

6.1.106-3~deb11u2

6.1.106-3~deb11u3

6.1.112-1~deb11u1

6.1.119-1~deb11u1

6.1.128-1~deb11u1

6.1.129-1~deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}