Skip to content

In the Linux kernel, the following vulnerability has been...

Unreviewed Published Jan 19, 2025 to the GitHub Advisory Database • Updated Jan 23, 2025

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

In the Linux kernel, the following vulnerability has been resolved:

sctp: sysctl: rto_min/max: avoid using current->nsproxy

As mentioned in a previous commit of this series, using the 'net'
structure via 'current' is not recommended for different reasons:

  • Inconsistency: getting info from the reader's/writer's netns vs only
    from the opener's netns.

  • current->nsproxy can be NULL in some cases, resulting in an 'Oops'
    (null-ptr-deref), e.g. when the current task is exiting, as spotted by
    syzbot [1] using acct(2).

The 'net' structure can be obtained from the table->data using
container_of().

Note that table->data could also be used directly, as this is the only
member needed from the 'net' structure, but that would increase the size
of this fix, to use '*data' everywhere 'net->sctp.rto_min/max' is used.

References

Published by the National Vulnerability Database Jan 19, 2025
Published to the GitHub Advisory Database Jan 19, 2025
Last updated Jan 23, 2025

Severity

Unknown

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(18th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2025-21639

GHSA ID

GHSA-6w8c-3g24-p9jh

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.