CVE-2025-21760
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's IPv6 Neighbor Discovery (NDISC) implementation. The ndisc_send_skb() function could be called without proper RCU protection, potentially leading to memory corruption. This affects all Linux systems using IPv6 networking.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel mode if combined with other vulnerabilities.
Likely Case
System instability, crashes, or denial of service affecting network connectivity.
If Mitigated
Minimal impact if systems are patched or have IPv6 disabled.
🎯 Exploit Status
Exploitation requires specific network conditions and timing to trigger the race condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply kernel patches from stable trees referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/04e05112f10354ffc3bb6cc796d553bab161594c
Restart Required: Yes
Instructions:
1. Update to latest kernel version from your distribution. 2. Apply specific patches from stable kernel trees if needed. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable IPv6
allCompletely disable IPv6 networking to prevent exploitation
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
echo 'net.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf
sysctl -p
🧯 If You Can't Patch
- Implement network segmentation to limit exposure
- Monitor systems for crashes or unusual network behavior
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions from distribution vendorCheck Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version from vendor📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- System crash dumps
- Network interface errors
Network Indicators:
- Unusual IPv6 neighbor discovery traffic
- Network connectivity issues
SIEM Query:
Search for kernel panic events or system crash reports🔗 References
- https://git.kernel.org/stable/c/04e05112f10354ffc3bb6cc796d553bab161594c
- https://git.kernel.org/stable/c/10a1f3fece2f0d23a3a618b72b2b4e6f408ef7d1
- https://git.kernel.org/stable/c/4d576202b90b1b95a7c428a80b536f91b8201bcc
- https://git.kernel.org/stable/c/789230e5a8c1097301afc802e242c79bc8835c67
- https://git.kernel.org/stable/c/a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d
- https://git.kernel.org/stable/c/ae38982f521621c216fc2f5182cd091f4734641d
- https://git.kernel.org/stable/c/e24d225e4cb8cf108bde00b76594499b98f0a74d
- https://git.kernel.org/stable/c/ed6ae1f325d3c43966ec1b62ac1459e2b8e45640
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
