DEBIAN-CVE-2025-22103
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2025-22103
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-22103.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-22103
- Upstream
- Published
- 2025-04-16T15:16:04Z
- Modified
- 2025-09-18T06:32:28.172103Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer dereference in l3mdevl3rcv When delete l3s ipvlan: ip link del link eth0 ipvlan1 type ipvlan mode l3s This may cause a null pointer dereference: Call trace: iprcvfinish+0x48/0xd0 iprcv+0x5c/0x100 _netifreceiveskbonecore+0x64/0xb0 _netifreceiveskb+0x20/0x80 processbacklog+0xb4/0x204 napipoll+0xe8/0x294 netrxaction+0xd8/0x22c _dosoftirq+0x12c/0x354 This is because l3mdevl3rcv() visit dev->l3mdevops after ipvlanl3sunregister() assign the dev->l3mdevops to NULL. The process like this: (CPU1) | (CPU2) l3mdevl3rcv() | check dev->privflags: | master = skb->dev; | | | ipvlanl3sunregister() | set dev->privflags | dev->l3mdevops = NULL; | visit master->l3mdevops | To avoid this by do not set dev->l3mdevops when unregister l3s ipvlan.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.16.3-1