CVE-2025-21891
- Source
- https://cve.org/CVERecord?id=CVE-2025-21891
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21891.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21891
- Downstream
- Related
- Published
- 2025-03-27T14:57:17.267Z
- Modified
- 2026-05-13T03:52:03.005389901Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- ipvlan: ensure network headers are in skb linear part
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ipvlan: ensure network headers are in skb linear part
syzbot found that ipvlanprocessv6_outbound() was assuming the IPv6 network header isis present in skb->head [1]
Add the needed pskbnetworkmay_pull() calls for both IPv4 and IPv6 handlers.
[1] BUG: KMSAN: uninit-value in __ipv6addrtype+0xa2/0x490 net/ipv6/addrconf_core.c:47 __ipv6addrtype+0xa2/0x490 net/ipv6/addrconfcore.c:47 ipv6addrtype include/net/ipv6.h:555 [inline] ip6routeoutputflagsnoref net/ipv6/route.c:2616 [inline] ip6routeoutputflags+0x51/0x720 net/ipv6/route.c:2651 ip6routeoutput include/net/ip6route.h:93 [inline] ipvlanroutev6outbound+0x24e/0x520 drivers/net/ipvlan/ipvlancore.c:476 ipvlanprocessv6outbound drivers/net/ipvlan/ipvlancore.c:491 [inline] ipvlanprocessoutbound drivers/net/ipvlan/ipvlancore.c:541 [inline] ipvlanxmitmodel3 drivers/net/ipvlan/ipvlancore.c:605 [inline] ipvlanqueuexmit+0xd72/0x1780 drivers/net/ipvlan/ipvlancore.c:671 ipvlanstartxmit+0x5b/0x210 drivers/net/ipvlan/ipvlanmain.c:223 __netdevstartxmit include/linux/netdevice.h:5150 [inline] netdevstartxmit include/linux/netdevice.h:5159 [inline] xmitone net/core/dev.c:3735 [inline] devhardstartxmit+0x247/0xa20 net/core/dev.c:3751 schdirectxmit+0x399/0xd40 net/sched/schgeneric.c:343 qdiscrestart net/sched/sch_generic.c:408 [inline] __qdiscrun+0x14da/0x35d0 net/sched/schgeneric.c:416 qdiscrun+0x141/0x4d0 include/net/pktsched.h:127 nettxaction+0x78b/0x940 net/core/dev.c:5484 handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561 __dosoftirq+0x14/0x1a kernel/softirq.c:595 dosoftirq+0x9a/0x100 kernel/softirq.c:462 __localbhenableip+0x9f/0xb0 kernel/softirq.c:389 localbh_enable include/linux/bottomhalf.h:33 [inline] rcureadunlockbh include/linux/rcupdate.h:919 [inline] __devqueuexmit+0x2758/0x57d0 net/core/dev.c:4611 devqueuexmit include/linux/netdevice.h:3311 [inline] packetxmit+0x9c/0x6c0 net/packet/afpacket.c:276 packetsnd net/packet/afpacket.c:3132 [inline] packetsendmsg+0x93e0/0xa7e0 net/packet/afpacket.c:3164 socksendmsgnosec net/socket.c:718 [inline]
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21891.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/27843ce6ba3d3122b65066550fe33fb8839f8aef
- https://git.kernel.org/stable/c/4ec48f812804f370f622e0874e6dd8fcc58241cd
- https://git.kernel.org/stable/c/5353fd89663c48f56bdff975c562cfe78b1a2e4c
- https://git.kernel.org/stable/c/5b8dea8d1612dc7151d2457d7d2e6a69820309bf
- https://git.kernel.org/stable/c/e2a4f76a2d8a44816ecd25bcbdb47b786d621974
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21891.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-21891
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2ad7bf3638411cb547f2823df08166c13ab04269Fixed5b8dea8d1612dc7151d2457d7d2e6a69820309bfFixed4ec48f812804f370f622e0874e6dd8fcc58241cdFixed5353fd89663c48f56bdff975c562cfe78b1a2e4cFixede2a4f76a2d8a44816ecd25bcbdb47b786d621974Fixed27843ce6ba3d3122b65066550fe33fb8839f8aef