CVE-2025-21716
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21716
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21716.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21716
- Downstream
- Related
- Published
- 2025-02-27T02:15:15Z
- Modified
- 2025-10-01T21:16:40Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
vxlan: Fix uninit-value in vxlanvnifilterdump()
KMSAN reported an uninit-value access in vxlanvnifilterdump() [1].
If the length of the netlink message payload is less than sizeof(struct tunnelmsg), vxlanvnifilter_dump() accesses bytes beyond the message. This can lead to uninit-value access. Fix this by returning an error in such situations.
[1] BUG: KMSAN: uninit-value in vxlanvnifilterdump+0x328/0x920 drivers/net/vxlan/vxlanvnifilter.c:422 vxlanvnifilterdump+0x328/0x920 drivers/net/vxlan/vxlanvnifilter.c:422 rtnldumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786 netlinkdump+0x93e/0x15f0 net/netlink/afnetlink.c:2317 netlinkdumpstart+0x716/0xd60 net/netlink/afnetlink.c:2432 netlinkdumpstart include/linux/netlink.h:340 [inline] rtnetlinkdumpstart net/core/rtnetlink.c:6815 [inline] rtnetlinkrcvmsg+0x1256/0x14a0 net/core/rtnetlink.c:6882 netlinkrcvskb+0x467/0x660 net/netlink/afnetlink.c:2542 rtnetlinkrcv+0x35/0x40 net/core/rtnetlink.c:6944 netlinkunicastkernel net/netlink/afnetlink.c:1321 [inline] netlinkunicast+0xed6/0x1290 net/netlink/afnetlink.c:1347 netlinksendmsg+0x1092/0x1230 net/netlink/afnetlink.c:1891 socksendmsgnosec net/socket.c:711 [inline] _socksendmsg+0x330/0x3d0 net/socket.c:726 _syssendmsg+0x7f4/0xb50 net/socket.c:2583 _syssendmsg+0x271/0x3b0 net/socket.c:2637 _syssendmsg net/socket.c:2669 [inline] _dosyssendmsg net/socket.c:2674 [inline] _sesyssendmsg net/socket.c:2672 [inline] _x64syssendmsg+0x211/0x3e0 net/socket.c:2672 x64syscall+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls64.h:47 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xd9/0x1d0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f
Uninit was created at: slabpostallochook mm/slub.c:4110 [inline] slaballocnode mm/slub.c:4153 [inline] kmemcacheallocnodenoprof+0x800/0xe80 mm/slub.c:4205 kmallocreserve+0x13b/0x4b0 net/core/skbuff.c:587 allocskb+0x347/0x7d0 net/core/skbuff.c:678 allocskb include/linux/skbuff.h:1323 [inline] netlinkalloclargeskb+0xa5/0x280 net/netlink/afnetlink.c:1196 netlinksendmsg+0xac9/0x1230 net/netlink/afnetlink.c:1866 socksendmsgnosec net/socket.c:711 [inline] _socksendmsg+0x330/0x3d0 net/socket.c:726 syssendmsg+0x7f4/0xb50 net/socket.c:2583 _syssendmsg+0x271/0x3b0 net/socket.c:2637 _syssendmsg net/socket.c:2669 [inline] _dosyssendmsg net/socket.c:2674 [inline] _sesyssendmsg net/socket.c:2672 [inline] _x64syssendmsg+0x211/0x3e0 net/socket.c:2672 x64syscall+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls64.h:47 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xd9/0x1d0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f
CPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014
- References
-
- https://git.kernel.org/stable/c/1693d1fade71646a0731b6b213298cb443d186ea
- https://git.kernel.org/stable/c/5066293b9b7046a906eff60e3949a887ae185a43
- https://git.kernel.org/stable/c/a84d511165d6ba7f331b90ae6b6ce180ec534daa
- https://git.kernel.org/stable/c/cb1de9309a48cc5b771115781eec05075fd67039
- https://git.kernel.org/stable/c/f554bce488605d2f70e06eeab5e4d2448c813713