In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: extend RCU protection in igmp6_send()
igmp6_send() can be called without RTNL or RCU being held.
Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF.
Note that we no longer can use sockallocsendskb() because ipv6.igmpsk uses GFP_KERNEL allocations which can sleep.
Instead use allocskb() and charge the net->ipv6.igmpsk socket under RCU protection.
[
    {
        "id": "CVE-2025-21759-035ddd99",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "net/ipv6/mcast.c",
            "function": "igmp6_send"
        },
        "digest": {
            "function_hash": "130689073245311582250975783645751803649",
            "length": 2015.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a"
    },
    {
        "id": "CVE-2025-21759-159e3da2",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "net/ipv6/mcast.c",
            "function": "igmp6_send"
        },
        "digest": {
            "function_hash": "130689073245311582250975783645751803649",
            "length": 2015.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@087c1faa594fa07a66933d750c0b2610aa1a2946"
    },
    {
        "id": "CVE-2025-21759-1c02781e",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "net/ipv6/mcast.c",
            "function": "igmp6_send"
        },
        "digest": {
            "function_hash": "130689073245311582250975783645751803649",
            "length": 2015.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e92d6a413feaf968a33f0b439ecf27404407458"
    },
    {
        "id": "CVE-2025-21759-282aba4d",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "net/ipv6/mcast.c"
        },
        "digest": {
            "line_hashes": [
                "305585118357744089387514639302193948909",
                "51200056542776580669141880533781270822",
                "181327079856939740931703294521018342114",
                "48682139315095696712548482527147938268",
                "162867575417360347926162585424130367312",
                "34992303610798035868682044596872005840",
                "208994498101965958537597533908981124575",
                "239701063919996595228727647892174420319",
                "235527104948190918960757849985145773509",
                "308594463491464662335996224500719609190",
                "219814097696807580118552624699386578438",
                "180953176828854164310966773162488803192",
                "236450778373426335116526236430049157773",
                "308688007709172516363785167545130111099",
                "225420614109478879818648051363955264610",
                "104284418171463119251528505885682376601",
                "99393395344835463860128904763166809116",
                "291330458803219283448588707391949928407",
                "70138398290998952918795419940458874456",
                "77683264455481355993702951788590782767",
                "182837518481550840770817979870577181587",
                "304917457579697374615649376650493471570",
                "47588707953209271397432819952602066436",
                "135809244608058790577149664149934073671",
                "201899290195674530483303092724586131107",
                "29067203053663837700395584379613169280",
                "202822635348581335280425743912837495759",
                "61079554414518728732061600176451067417",
                "51426227213546439129071610723717826064",
                "319367056525048385313441208096847002541",
                "45604461609365888324391950708831657447",
                "191504775526497737935485295049866038094",
                "264250528274349797435391604292494300414",
                "205884131191392562798640310534569640860",
                "192256687710599055373685843708663888771",
                "17697203739907299086136175137976117697",
                "236996572229697365567055592788733072420"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@087c1faa594fa07a66933d750c0b2610aa1a2946"
    },
    {
        "id": "CVE-2025-21759-4a940bfa",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "net/ipv6/mcast.c"
        },
        "digest": {
            "line_hashes": [
                "305585118357744089387514639302193948909",
                "51200056542776580669141880533781270822",
                "181327079856939740931703294521018342114",
                "48682139315095696712548482527147938268",
                "162867575417360347926162585424130367312",
                "34992303610798035868682044596872005840",
                "208994498101965958537597533908981124575",
                "239701063919996595228727647892174420319",
                "235527104948190918960757849985145773509",
                "308594463491464662335996224500719609190",
                "219814097696807580118552624699386578438",
                "180953176828854164310966773162488803192",
                "236450778373426335116526236430049157773",
                "308688007709172516363785167545130111099",
                "225420614109478879818648051363955264610",
                "104284418171463119251528505885682376601",
                "99393395344835463860128904763166809116",
                "291330458803219283448588707391949928407",
                "70138398290998952918795419940458874456",
                "77683264455481355993702951788590782767",
                "182837518481550840770817979870577181587",
                "304917457579697374615649376650493471570",
                "47588707953209271397432819952602066436",
                "135809244608058790577149664149934073671",
                "201899290195674530483303092724586131107",
                "29067203053663837700395584379613169280",
                "202822635348581335280425743912837495759",
                "61079554414518728732061600176451067417",
                "51426227213546439129071610723717826064",
                "319367056525048385313441208096847002541",
                "45604461609365888324391950708831657447",
                "191504775526497737935485295049866038094",
                "264250528274349797435391604292494300414",
                "205884131191392562798640310534569640860",
                "192256687710599055373685843708663888771",
                "17697203739907299086136175137976117697",
                "236996572229697365567055592788733072420"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0bf8e2f3768629d437a32cb824149e6e98254381"
    },
    {
        "id": "CVE-2025-21759-53ccc544",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "net/ipv6/mcast.c"
        },
        "digest": {
            "line_hashes": [
                "305585118357744089387514639302193948909",
                "51200056542776580669141880533781270822",
                "181327079856939740931703294521018342114",
                "48682139315095696712548482527147938268",
                "162867575417360347926162585424130367312",
                "34992303610798035868682044596872005840",
                "208994498101965958537597533908981124575",
                "239701063919996595228727647892174420319",
                "235527104948190918960757849985145773509",
                "308594463491464662335996224500719609190",
                "219814097696807580118552624699386578438",
                "180953176828854164310966773162488803192",
                "236450778373426335116526236430049157773",
                "308688007709172516363785167545130111099",
                "225420614109478879818648051363955264610",
                "104284418171463119251528505885682376601",
                "99393395344835463860128904763166809116",
                "291330458803219283448588707391949928407",
                "70138398290998952918795419940458874456",
                "77683264455481355993702951788590782767",
                "182837518481550840770817979870577181587",
                "304917457579697374615649376650493471570",
                "47588707953209271397432819952602066436",
                "135809244608058790577149664149934073671",
                "201899290195674530483303092724586131107",
                "29067203053663837700395584379613169280",
                "202822635348581335280425743912837495759",
                "61079554414518728732061600176451067417",
                "51426227213546439129071610723717826064",
                "319367056525048385313441208096847002541",
                "45604461609365888324391950708831657447",
                "191504775526497737935485295049866038094",
                "264250528274349797435391604292494300414",
                "205884131191392562798640310534569640860",
                "192256687710599055373685843708663888771",
                "17697203739907299086136175137976117697",
                "236996572229697365567055592788733072420"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e92d6a413feaf968a33f0b439ecf27404407458"
    },
    {
        "id": "CVE-2025-21759-7f17cc6b",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "net/ipv6/mcast.c"
        },
        "digest": {
            "line_hashes": [
                "305585118357744089387514639302193948909",
                "51200056542776580669141880533781270822",
                "181327079856939740931703294521018342114",
                "48682139315095696712548482527147938268",
                "162867575417360347926162585424130367312",
                "34992303610798035868682044596872005840",
                "208994498101965958537597533908981124575",
                "239701063919996595228727647892174420319",
                "235527104948190918960757849985145773509",
                "308594463491464662335996224500719609190",
                "219814097696807580118552624699386578438",
                "180953176828854164310966773162488803192",
                "236450778373426335116526236430049157773",
                "308688007709172516363785167545130111099",
                "225420614109478879818648051363955264610",
                "104284418171463119251528505885682376601",
                "99393395344835463860128904763166809116",
                "291330458803219283448588707391949928407",
                "70138398290998952918795419940458874456",
                "77683264455481355993702951788590782767",
                "182837518481550840770817979870577181587",
                "304917457579697374615649376650493471570",
                "47588707953209271397432819952602066436",
                "135809244608058790577149664149934073671",
                "201899290195674530483303092724586131107",
                "29067203053663837700395584379613169280",
                "202822635348581335280425743912837495759",
                "61079554414518728732061600176451067417",
                "51426227213546439129071610723717826064",
                "319367056525048385313441208096847002541",
                "45604461609365888324391950708831657447",
                "191504775526497737935485295049866038094",
                "264250528274349797435391604292494300414",
                "205884131191392562798640310534569640860",
                "192256687710599055373685843708663888771",
                "17697203739907299086136175137976117697",
                "236996572229697365567055592788733072420"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a"
    },
    {
        "id": "CVE-2025-21759-c9e595cd",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "net/ipv6/mcast.c",
            "function": "igmp6_send"
        },
        "digest": {
            "function_hash": "130689073245311582250975783645751803649",
            "length": 2015.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0bf8e2f3768629d437a32cb824149e6e98254381"
    }
]