CVE-2025-21640

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-21640
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21640.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21640
Downstream
Related
Published
2025-01-19T10:17:57.593Z
Modified
2026-05-15T04:12:52.996458250Z
Summary
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
Details

In the Linux kernel, the following vulnerability has been resolved:

sctp: sysctl: cookiehmacalg: avoid using current->nsproxy

As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons:

  • Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns.

  • current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2).

The 'net' structure can be obtained from the table->data using container_of().

Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.sctphmacalg' is used.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21640.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.8.0
Fixed
5.4.292
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.234
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.177
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.125
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.72
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.10

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21640.json"