CVE-2025-21716
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21716
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21716.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21716
- Downstream
- Related
- Published
- 2025-02-27T02:07:26.779Z
- Modified
- 2025-11-16T13:43:47.379637Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- vxlan: Fix uninit-value in vxlan_vnifilter_dump()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
vxlan: Fix uninit-value in vxlanvnifilterdump()
KMSAN reported an uninit-value access in vxlanvnifilterdump() [1].
If the length of the netlink message payload is less than sizeof(struct tunnelmsg), vxlanvnifilter_dump() accesses bytes beyond the message. This can lead to uninit-value access. Fix this by returning an error in such situations.
[1] BUG: KMSAN: uninit-value in vxlanvnifilterdump+0x328/0x920 drivers/net/vxlan/vxlanvnifilter.c:422 vxlanvnifilterdump+0x328/0x920 drivers/net/vxlan/vxlanvnifilter.c:422 rtnldumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786 netlinkdump+0x93e/0x15f0 net/netlink/afnetlink.c:2317 netlinkdumpstart+0x716/0xd60 net/netlink/afnetlink.c:2432 netlinkdumpstart include/linux/netlink.h:340 [inline] rtnetlinkdumpstart net/core/rtnetlink.c:6815 [inline] rtnetlinkrcvmsg+0x1256/0x14a0 net/core/rtnetlink.c:6882 netlinkrcvskb+0x467/0x660 net/netlink/afnetlink.c:2542 rtnetlinkrcv+0x35/0x40 net/core/rtnetlink.c:6944 netlinkunicastkernel net/netlink/afnetlink.c:1321 [inline] netlinkunicast+0xed6/0x1290 net/netlink/afnetlink.c:1347 netlinksendmsg+0x1092/0x1230 net/netlink/afnetlink.c:1891 socksendmsgnosec net/socket.c:711 [inline] _socksendmsg+0x330/0x3d0 net/socket.c:726 _syssendmsg+0x7f4/0xb50 net/socket.c:2583 _syssendmsg+0x271/0x3b0 net/socket.c:2637 _syssendmsg net/socket.c:2669 [inline] _dosyssendmsg net/socket.c:2674 [inline] _sesyssendmsg net/socket.c:2672 [inline] _x64syssendmsg+0x211/0x3e0 net/socket.c:2672 x64syscall+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls64.h:47 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xd9/0x1d0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f
Uninit was created at: slabpostallochook mm/slub.c:4110 [inline] slaballocnode mm/slub.c:4153 [inline] kmemcacheallocnodenoprof+0x800/0xe80 mm/slub.c:4205 kmallocreserve+0x13b/0x4b0 net/core/skbuff.c:587 allocskb+0x347/0x7d0 net/core/skbuff.c:678 allocskb include/linux/skbuff.h:1323 [inline] netlinkalloclargeskb+0xa5/0x280 net/netlink/afnetlink.c:1196 netlinksendmsg+0xac9/0x1230 net/netlink/afnetlink.c:1866 socksendmsgnosec net/socket.c:711 [inline] _socksendmsg+0x330/0x3d0 net/socket.c:726 syssendmsg+0x7f4/0xb50 net/socket.c:2583 _syssendmsg+0x271/0x3b0 net/socket.c:2637 _syssendmsg net/socket.c:2669 [inline] _dosyssendmsg net/socket.c:2674 [inline] _sesyssendmsg net/socket.c:2672 [inline] _x64syssendmsg+0x211/0x3e0 net/socket.c:2672 x64syscall+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls64.h:47 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xd9/0x1d0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f
CPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1693d1fade71646a0731b6b213298cb443d186ea
- https://git.kernel.org/stable/c/5066293b9b7046a906eff60e3949a887ae185a43
- https://git.kernel.org/stable/c/a84d511165d6ba7f331b90ae6b6ce180ec534daa
- https://git.kernel.org/stable/c/cb1de9309a48cc5b771115781eec05075fd67039
- https://git.kernel.org/stable/c/f554bce488605d2f70e06eeab5e4d2448c813713
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf9c4bb0b245cee35ef66f75bf409c9573d934cf9Fixedcb1de9309a48cc5b771115781eec05075fd67039
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf9c4bb0b245cee35ef66f75bf409c9573d934cf9Fixeda84d511165d6ba7f331b90ae6b6ce180ec534daa
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf9c4bb0b245cee35ef66f75bf409c9573d934cf9Fixedf554bce488605d2f70e06eeab5e4d2448c813713
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf9c4bb0b245cee35ef66f75bf409c9573d934cf9Fixed1693d1fade71646a0731b6b213298cb443d186ea
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf9c4bb0b245cee35ef66f75bf409c9573d934cf9Fixed5066293b9b7046a906eff60e3949a887ae185a43
Affected versions
v5.*
v6.*
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb1de9309a48cc5b771115781eec05075fd67039",
"target": {
"file": "drivers/net/vxlan/vxlan_vnifilter.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"289489453635589947026772778393763102075",
"206935243756433106064813241426820788485",
"143664944269512226556528080283710662930"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2025-21716-23c683f2",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f554bce488605d2f70e06eeab5e4d2448c813713",
"target": {
"file": "drivers/net/vxlan/vxlan_vnifilter.c",
"function": "vxlan_vnifilter_dump"
},
"digest": {
"length": 1017.0,
"function_hash": "154539533710300535664966077019013520100"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-21716-4183e827",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1693d1fade71646a0731b6b213298cb443d186ea",
"target": {
"file": "drivers/net/vxlan/vxlan_vnifilter.c",
"function": "vxlan_vnifilter_dump"
},
"digest": {
"length": 1017.0,
"function_hash": "154539533710300535664966077019013520100"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-21716-45439955",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a84d511165d6ba7f331b90ae6b6ce180ec534daa",
"target": {
"file": "drivers/net/vxlan/vxlan_vnifilter.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"289489453635589947026772778393763102075",
"206935243756433106064813241426820788485",
"143664944269512226556528080283710662930"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2025-21716-57b67821",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5066293b9b7046a906eff60e3949a887ae185a43",
"target": {
"file": "drivers/net/vxlan/vxlan_vnifilter.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"289489453635589947026772778393763102075",
"206935243756433106064813241426820788485",
"143664944269512226556528080283710662930"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2025-21716-5f605173",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1693d1fade71646a0731b6b213298cb443d186ea",
"target": {
"file": "drivers/net/vxlan/vxlan_vnifilter.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"289489453635589947026772778393763102075",
"206935243756433106064813241426820788485",
"143664944269512226556528080283710662930"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2025-21716-6e7c3567",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb1de9309a48cc5b771115781eec05075fd67039",
"target": {
"file": "drivers/net/vxlan/vxlan_vnifilter.c",
"function": "vxlan_vnifilter_dump"
},
"digest": {
"length": 1017.0,
"function_hash": "154539533710300535664966077019013520100"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-21716-78483aa8",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5066293b9b7046a906eff60e3949a887ae185a43",
"target": {
"file": "drivers/net/vxlan/vxlan_vnifilter.c",
"function": "vxlan_vnifilter_dump"
},
"digest": {
"length": 1017.0,
"function_hash": "154539533710300535664966077019013520100"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-21716-ca17c5e8",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f554bce488605d2f70e06eeab5e4d2448c813713",
"target": {
"file": "drivers/net/vxlan/vxlan_vnifilter.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"289489453635589947026772778393763102075",
"206935243756433106064813241426820788485",
"143664944269512226556528080283710662930"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2025-21716-d1444c49",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a84d511165d6ba7f331b90ae6b6ce180ec534daa",
"target": {
"file": "drivers/net/vxlan/vxlan_vnifilter.c",
"function": "vxlan_vnifilter_dump"
},
"digest": {
"length": 1017.0,
"function_hash": "154539533710300535664966077019013520100"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-21716-d61e10a1",
"signature_version": "v1"
}
]