CVE-2025-21864

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21864
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21864.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21864
Downstream
Related
Published
2025-03-12T09:42:21Z
Modified
2025-10-17T22:31:13.805565Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
tcp: drop secpath at the same time as we currently drop dst
Details

In the Linux kernel, the following vulnerability has been resolved:

tcp: drop secpath at the same time as we currently drop dst

Xiumei reported hitting the WARN in xfrm6tunnelnet_exit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the pair of netns

The xfrmstate found on spibyaddr was not deleted at the time we delete the netns, because we still have a reference on it. This lingering reference comes from a secpath (which holds a ref on the xfrmstate), which is still attached to an skb. This skb is not leaked, it ends up on skreceivequeue and then gets defer-free'd by skbattemptdeferfree.

The problem happens when we defer freeing an skb (push it on one CPU's deferlist), and don't flush that list before the netns is deleted. In that case, we still have a reference on the xfrmstate that we don't expect at this point.

We already drop the skb's dst in the TCP receive path when it's no longer needed, so let's also drop the secpath. At this point, tcp_filter has already called into the LSM hooks that may require the secpath, so it should not be needed anymore. However, in some of those places, the MPTCP extension has just been attached to the skb, so we cannot simply drop all extensions.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
68822bdf76f10c3dc80609d4e2cdc1e847429086
Fixed
87858bbf21da239ace300d61dd209907995c0491
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
68822bdf76f10c3dc80609d4e2cdc1e847429086
Fixed
f1d5e6a5e468308af7759cf5276779d3155c5e98
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
68822bdf76f10c3dc80609d4e2cdc1e847429086
Fixed
cd34a07f744451e2ecf9005bb7d24d0b2fb83656
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
68822bdf76f10c3dc80609d4e2cdc1e847429086
Fixed
69cafd9413084cd5012cf5d7c7ec6f3d493726d9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
68822bdf76f10c3dc80609d4e2cdc1e847429086
Fixed
9b6412e6979f6f9e0632075f8f008937b5cd4efd

Affected versions

v5.*

v5.18
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.100
v6.1.101
v6.1.102
v6.1.103
v6.1.104
v6.1.105
v6.1.106
v6.1.107
v6.1.108
v6.1.109
v6.1.11
v6.1.110
v6.1.111
v6.1.112
v6.1.113
v6.1.114
v6.1.115
v6.1.116
v6.1.117
v6.1.118
v6.1.119
v6.1.12
v6.1.120
v6.1.121
v6.1.122
v6.1.123
v6.1.124
v6.1.125
v6.1.126
v6.1.127
v6.1.128
v6.1.129
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.1.98
v6.1.99
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.2
v6.13.3
v6.13.4
v6.14-rc1
v6.14-rc2
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-21864-1a0302ed",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "81607696785254007220516415021582162728",
            "length": 1134.0
        },
        "target": {
            "file": "net/ipv4/tcp_input.c",
            "function": "tcp_ofo_queue"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b6412e6979f6f9e0632075f8f008937b5cd4efd"
    },
    {
        "id": "CVE-2025-21864-1e1549f7",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "281036985110759975392557721206013801146",
                "206971151587237986839801621348997038886",
                "201973351618511627083987073515990740701",
                "326803920925431319361769260137653812960"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_ipv4.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd34a07f744451e2ecf9005bb7d24d0b2fb83656"
    },
    {
        "id": "CVE-2025-21864-2a33a66d",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "281036985110759975392557721206013801146",
                "206971151587237986839801621348997038886",
                "201973351618511627083987073515990740701",
                "326803920925431319361769260137653812960"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_ipv4.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87858bbf21da239ace300d61dd209907995c0491"
    },
    {
        "id": "CVE-2025-21864-2df14711",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "222617021479271947546600767590039171877",
                "286654314085155106638600666990231759665",
                "207253263912207183689347711895659926107",
                "105086394927151358970404411204786766124",
                "39698980941047083157874700503269581324",
                "72812408243174631070956953514643950542",
                "52383197099624940321665608306714849378",
                "232618876156787130859432253302904645432"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_fastopen.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f1d5e6a5e468308af7759cf5276779d3155c5e98"
    },
    {
        "id": "CVE-2025-21864-34d55ee6",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "207621494374337583337954037414808262917",
                "206328888772146235479418386773671680150",
                "8890647121921488689231529546740253722",
                "309649142979302524837468307260451105915",
                "338211138665045994709600224274343835050",
                "241377810298197725316477753375365580460",
                "296430841605372565549063276164660419030"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "include/net/tcp.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69cafd9413084cd5012cf5d7c7ec6f3d493726d9"
    },
    {
        "id": "CVE-2025-21864-352ef8bf",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "129639135005446605019083059988149824768",
            "length": 718.0
        },
        "target": {
            "file": "net/ipv4/tcp_fastopen.c",
            "function": "tcp_fastopen_add_skb"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f1d5e6a5e468308af7759cf5276779d3155c5e98"
    },
    {
        "id": "CVE-2025-21864-3542c8f3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "129639135005446605019083059988149824768",
            "length": 718.0
        },
        "target": {
            "file": "net/ipv4/tcp_fastopen.c",
            "function": "tcp_fastopen_add_skb"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87858bbf21da239ace300d61dd209907995c0491"
    },
    {
        "id": "CVE-2025-21864-3e432987",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "222617021479271947546600767590039171877",
                "286654314085155106638600666990231759665",
                "207253263912207183689347711895659926107",
                "105086394927151358970404411204786766124",
                "39698980941047083157874700503269581324",
                "72812408243174631070956953514643950542",
                "52383197099624940321665608306714849378",
                "232618876156787130859432253302904645432"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_fastopen.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd34a07f744451e2ecf9005bb7d24d0b2fb83656"
    },
    {
        "id": "CVE-2025-21864-42300265",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "31538387340150128950981280239991607161",
            "length": 388.0
        },
        "target": {
            "file": "net/ipv4/tcp_input.c",
            "function": "tcp_queue_rcv"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd34a07f744451e2ecf9005bb7d24d0b2fb83656"
    },
    {
        "id": "CVE-2025-21864-46c562b8",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "202007361990544886956573234438284738149",
                "20465081459969702190373694122473172282",
                "200671296071803460237078024157545414806",
                "36458714811776732728503663670783109527",
                "325363794441136918030571261227175943949",
                "248466031050535631280598442529743196216",
                "127453661112447412501841624180659981299",
                "69050883589279645114537393322096091916",
                "213822990202657584117669034181302935010",
                "282767166511907239808423150227893838305",
                "126795519571985503943592321861907017251",
                "59494079312246807247415674750115028421",
                "139552200706303669828246904217912764120",
                "339001245079887707191081236326324103423",
                "297491708066274046052878626230607106802",
                "298638686706315759217888366905330734911"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_input.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f1d5e6a5e468308af7759cf5276779d3155c5e98"
    },
    {
        "id": "CVE-2025-21864-4a2973e6",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "81607696785254007220516415021582162728",
            "length": 1134.0
        },
        "target": {
            "file": "net/ipv4/tcp_input.c",
            "function": "tcp_ofo_queue"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69cafd9413084cd5012cf5d7c7ec6f3d493726d9"
    },
    {
        "id": "CVE-2025-21864-4a83cd3c",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "81607696785254007220516415021582162728",
            "length": 1134.0
        },
        "target": {
            "file": "net/ipv4/tcp_input.c",
            "function": "tcp_ofo_queue"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f1d5e6a5e468308af7759cf5276779d3155c5e98"
    },
    {
        "id": "CVE-2025-21864-4eb33078",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "222617021479271947546600767590039171877",
                "286654314085155106638600666990231759665",
                "207253263912207183689347711895659926107",
                "105086394927151358970404411204786766124",
                "39698980941047083157874700503269581324",
                "72812408243174631070956953514643950542",
                "52383197099624940321665608306714849378",
                "232618876156787130859432253302904645432"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_fastopen.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87858bbf21da239ace300d61dd209907995c0491"
    },
    {
        "id": "CVE-2025-21864-5ecb29f4",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "31538387340150128950981280239991607161",
            "length": 388.0
        },
        "target": {
            "file": "net/ipv4/tcp_input.c",
            "function": "tcp_queue_rcv"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f1d5e6a5e468308af7759cf5276779d3155c5e98"
    },
    {
        "id": "CVE-2025-21864-6c254bb8",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "81607696785254007220516415021582162728",
            "length": 1134.0
        },
        "target": {
            "file": "net/ipv4/tcp_input.c",
            "function": "tcp_ofo_queue"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd34a07f744451e2ecf9005bb7d24d0b2fb83656"
    },
    {
        "id": "CVE-2025-21864-75dc5c1d",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "31538387340150128950981280239991607161",
            "length": 388.0
        },
        "target": {
            "file": "net/ipv4/tcp_input.c",
            "function": "tcp_queue_rcv"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87858bbf21da239ace300d61dd209907995c0491"
    },
    {
        "id": "CVE-2025-21864-8bc7a147",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "222617021479271947546600767590039171877",
                "286654314085155106638600666990231759665",
                "207253263912207183689347711895659926107",
                "105086394927151358970404411204786766124",
                "39698980941047083157874700503269581324",
                "72812408243174631070956953514643950542",
                "52383197099624940321665608306714849378",
                "232618876156787130859432253302904645432"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_fastopen.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b6412e6979f6f9e0632075f8f008937b5cd4efd"
    },
    {
        "id": "CVE-2025-21864-8d5d7e9e",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "152856454999750482653147374046859031117",
                "206328888772146235479418386773671680150",
                "8890647121921488689231529546740253722",
                "309649142979302524837468307260451105915",
                "338211138665045994709600224274343835050",
                "241377810298197725316477753375365580460",
                "296430841605372565549063276164660419030"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "include/net/tcp.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87858bbf21da239ace300d61dd209907995c0491"
    },
    {
        "id": "CVE-2025-21864-a77deca4",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "31538387340150128950981280239991607161",
            "length": 388.0
        },
        "target": {
            "file": "net/ipv4/tcp_input.c",
            "function": "tcp_queue_rcv"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69cafd9413084cd5012cf5d7c7ec6f3d493726d9"
    },
    {
        "id": "CVE-2025-21864-b11745b0",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "129639135005446605019083059988149824768",
            "length": 718.0
        },
        "target": {
            "file": "net/ipv4/tcp_fastopen.c",
            "function": "tcp_fastopen_add_skb"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69cafd9413084cd5012cf5d7c7ec6f3d493726d9"
    },
    {
        "id": "CVE-2025-21864-b61c55c3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "152856454999750482653147374046859031117",
                "206328888772146235479418386773671680150",
                "8890647121921488689231529546740253722",
                "309649142979302524837468307260451105915",
                "338211138665045994709600224274343835050",
                "241377810298197725316477753375365580460",
                "296430841605372565549063276164660419030"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "include/net/tcp.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f1d5e6a5e468308af7759cf5276779d3155c5e98"
    },
    {
        "id": "CVE-2025-21864-bc922d37",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "202007361990544886956573234438284738149",
                "20465081459969702190373694122473172282",
                "200671296071803460237078024157545414806",
                "36458714811776732728503663670783109527",
                "325363794441136918030571261227175943949",
                "248466031050535631280598442529743196216",
                "127453661112447412501841624180659981299",
                "69050883589279645114537393322096091916",
                "213822990202657584117669034181302935010",
                "282767166511907239808423150227893838305",
                "126795519571985503943592321861907017251",
                "59494079312246807247415674750115028421",
                "139552200706303669828246904217912764120",
                "339001245079887707191081236326324103423",
                "297491708066274046052878626230607106802",
                "298638686706315759217888366905330734911"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_input.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b6412e6979f6f9e0632075f8f008937b5cd4efd"
    },
    {
        "id": "CVE-2025-21864-bebebd8d",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "222617021479271947546600767590039171877",
                "286654314085155106638600666990231759665",
                "207253263912207183689347711895659926107",
                "105086394927151358970404411204786766124",
                "39698980941047083157874700503269581324",
                "72812408243174631070956953514643950542",
                "52383197099624940321665608306714849378",
                "232618876156787130859432253302904645432"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_fastopen.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69cafd9413084cd5012cf5d7c7ec6f3d493726d9"
    },
    {
        "id": "CVE-2025-21864-cdc8e35b",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "281036985110759975392557721206013801146",
                "206971151587237986839801621348997038886",
                "201973351618511627083987073515990740701",
                "326803920925431319361769260137653812960"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_ipv4.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69cafd9413084cd5012cf5d7c7ec6f3d493726d9"
    },
    {
        "id": "CVE-2025-21864-d1dd9ae8",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "202007361990544886956573234438284738149",
                "20465081459969702190373694122473172282",
                "200671296071803460237078024157545414806",
                "36458714811776732728503663670783109527",
                "325363794441136918030571261227175943949",
                "248466031050535631280598442529743196216",
                "127453661112447412501841624180659981299",
                "69050883589279645114537393322096091916",
                "213822990202657584117669034181302935010",
                "282767166511907239808423150227893838305",
                "126795519571985503943592321861907017251",
                "59494079312246807247415674750115028421",
                "139552200706303669828246904217912764120",
                "339001245079887707191081236326324103423",
                "297491708066274046052878626230607106802",
                "298638686706315759217888366905330734911"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_input.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69cafd9413084cd5012cf5d7c7ec6f3d493726d9"
    },
    {
        "id": "CVE-2025-21864-d262850b",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "281036985110759975392557721206013801146",
                "206971151587237986839801621348997038886",
                "201973351618511627083987073515990740701",
                "326803920925431319361769260137653812960"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_ipv4.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f1d5e6a5e468308af7759cf5276779d3155c5e98"
    },
    {
        "id": "CVE-2025-21864-d7c42140",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "129639135005446605019083059988149824768",
            "length": 718.0
        },
        "target": {
            "file": "net/ipv4/tcp_fastopen.c",
            "function": "tcp_fastopen_add_skb"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b6412e6979f6f9e0632075f8f008937b5cd4efd"
    },
    {
        "id": "CVE-2025-21864-dabc71dd",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "81607696785254007220516415021582162728",
            "length": 1134.0
        },
        "target": {
            "file": "net/ipv4/tcp_input.c",
            "function": "tcp_ofo_queue"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87858bbf21da239ace300d61dd209907995c0491"
    },
    {
        "id": "CVE-2025-21864-debb9506",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "281036985110759975392557721206013801146",
                "206971151587237986839801621348997038886",
                "201973351618511627083987073515990740701",
                "326803920925431319361769260137653812960"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_ipv4.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b6412e6979f6f9e0632075f8f008937b5cd4efd"
    },
    {
        "id": "CVE-2025-21864-eb14faee",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "129639135005446605019083059988149824768",
            "length": 718.0
        },
        "target": {
            "file": "net/ipv4/tcp_fastopen.c",
            "function": "tcp_fastopen_add_skb"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd34a07f744451e2ecf9005bb7d24d0b2fb83656"
    },
    {
        "id": "CVE-2025-21864-ed7c88f7",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "207621494374337583337954037414808262917",
                "206328888772146235479418386773671680150",
                "8890647121921488689231529546740253722",
                "309649142979302524837468307260451105915",
                "338211138665045994709600224274343835050",
                "241377810298197725316477753375365580460",
                "296430841605372565549063276164660419030"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "include/net/tcp.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd34a07f744451e2ecf9005bb7d24d0b2fb83656"
    },
    {
        "id": "CVE-2025-21864-eda2df38",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "202007361990544886956573234438284738149",
                "20465081459969702190373694122473172282",
                "200671296071803460237078024157545414806",
                "36458714811776732728503663670783109527",
                "325363794441136918030571261227175943949",
                "248466031050535631280598442529743196216",
                "127453661112447412501841624180659981299",
                "69050883589279645114537393322096091916",
                "213822990202657584117669034181302935010",
                "282767166511907239808423150227893838305",
                "126795519571985503943592321861907017251",
                "59494079312246807247415674750115028421",
                "139552200706303669828246904217912764120",
                "339001245079887707191081236326324103423",
                "297491708066274046052878626230607106802",
                "298638686706315759217888366905330734911"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_input.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd34a07f744451e2ecf9005bb7d24d0b2fb83656"
    },
    {
        "id": "CVE-2025-21864-f2cab5c5",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "31538387340150128950981280239991607161",
            "length": 388.0
        },
        "target": {
            "file": "net/ipv4/tcp_input.c",
            "function": "tcp_queue_rcv"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b6412e6979f6f9e0632075f8f008937b5cd4efd"
    },
    {
        "id": "CVE-2025-21864-f34db821",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "207621494374337583337954037414808262917",
                "206328888772146235479418386773671680150",
                "8890647121921488689231529546740253722",
                "309649142979302524837468307260451105915",
                "338211138665045994709600224274343835050",
                "241377810298197725316477753375365580460",
                "296430841605372565549063276164660419030"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "include/net/tcp.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b6412e6979f6f9e0632075f8f008937b5cd4efd"
    },
    {
        "id": "CVE-2025-21864-fb6709a8",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "202007361990544886956573234438284738149",
                "20465081459969702190373694122473172282",
                "200671296071803460237078024157545414806",
                "36458714811776732728503663670783109527",
                "325363794441136918030571261227175943949",
                "248466031050535631280598442529743196216",
                "127453661112447412501841624180659981299",
                "69050883589279645114537393322096091916",
                "213822990202657584117669034181302935010",
                "282767166511907239808423150227893838305",
                "126795519571985503943592321861907017251",
                "59494079312246807247415674750115028421",
                "139552200706303669828246904217912764120",
                "339001245079887707191081236326324103423",
                "297491708066274046052878626230607106802",
                "298638686706315759217888366905330734911"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "net/ipv4/tcp_input.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87858bbf21da239ace300d61dd209907995c0491"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
6.1.130
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.80
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.17
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.5