CVE-2025-21716

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-21716
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21716.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21716
Downstream
Related
Published
2025-02-27T02:07:26.779Z
Modified
2026-05-15T11:53:48.042083370Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
Details

In the Linux kernel, the following vulnerability has been resolved:

vxlan: Fix uninit-value in vxlanvnifilterdump()

KMSAN reported an uninit-value access in vxlanvnifilterdump() [1].

If the length of the netlink message payload is less than sizeof(struct tunnelmsg), vxlanvnifilter_dump() accesses bytes beyond the message. This can lead to uninit-value access. Fix this by returning an error in such situations.

[1] BUG: KMSAN: uninit-value in vxlanvnifilterdump+0x328/0x920 drivers/net/vxlan/vxlanvnifilter.c:422 vxlanvnifilterdump+0x328/0x920 drivers/net/vxlan/vxlanvnifilter.c:422 rtnldumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786 netlinkdump+0x93e/0x15f0 net/netlink/af_netlink.c:2317 __netlinkdumpstart+0x716/0xd60 net/netlink/afnetlink.c:2432 netlinkdumpstart include/linux/netlink.h:340 [inline] rtnetlinkdumpstart net/core/rtnetlink.c:6815 [inline] rtnetlinkrcvmsg+0x1256/0x14a0 net/core/rtnetlink.c:6882 netlinkrcvskb+0x467/0x660 net/netlink/afnetlink.c:2542 rtnetlinkrcv+0x35/0x40 net/core/rtnetlink.c:6944 netlinkunicastkernel net/netlink/afnetlink.c:1321 [inline] netlinkunicast+0xed6/0x1290 net/netlink/afnetlink.c:1347 netlinksendmsg+0x1092/0x1230 net/netlink/afnetlink.c:1891 socksendmsgnosec net/socket.c:711 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:726 ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637 __sys_sendmsg net/socket.c:2669 [inline] __dosyssendmsg net/socket.c:2674 [inline] __sesyssendmsg net/socket.c:2672 [inline] _x64syssendmsg+0x211/0x3e0 net/socket.c:2672 x64syscall+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls64.h:47 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xd9/0x1d0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f

Uninit was created at: slabpostallochook mm/slub.c:4110 [inline] slaballocnode mm/slub.c:4153 [inline] kmemcacheallocnodenoprof+0x800/0xe80 mm/slub.c:4205 kmallocreserve+0x13b/0x4b0 net/core/skbuff.c:587 __allocskb+0x347/0x7d0 net/core/skbuff.c:678 allocskb include/linux/skbuff.h:1323 [inline] netlinkalloclargeskb+0xa5/0x280 net/netlink/afnetlink.c:1196 netlinksendmsg+0xac9/0x1230 net/netlink/afnetlink.c:1866 socksendmsgnosec net/socket.c:711 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:726 ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637 __sys_sendmsg net/socket.c:2669 [inline] __dosyssendmsg net/socket.c:2674 [inline] __sesyssendmsg net/socket.c:2672 [inline] _x64syssendmsg+0x211/0x3e0 net/socket.c:2672 x64syscall+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls64.h:47 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xd9/0x1d0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21716.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
6.1.129
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.76
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.13
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21716.json"