Bug 2424860 (CVE-2025-68353) - CVE-2025-68353 kernel: Kernel: Denial of Service via NULL pointer dereference in VXLAN module
Summary: CVE-2025-68353 kernel: Kernel: Denial of Service via NULL pointer dereference...
Keywords:
Status: NEW
Alias: CVE-2025-68353
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-24 11:01 UTC by OSIDB Bzimport
Modified: 2026-01-05 13:52 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-12-24 11:01:39 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: vxlan: prevent NULL deref in vxlan_xmit_one

Neither sock4 nor sock6 pointers are guaranteed to be non-NULL in
vxlan_xmit_one, e.g. if the iface is brought down. This can lead to the
following NULL dereference:

  BUG: kernel NULL pointer dereference, address: 0000000000000010
  Oops: Oops: 0000 [#1] SMP NOPTI
  RIP: 0010:vxlan_xmit_one+0xbb3/0x1580
  Call Trace:
   vxlan_xmit+0x429/0x610
   dev_hard_start_xmit+0x55/0xa0
   __dev_queue_xmit+0x6d0/0x7f0
   ip_finish_output2+0x24b/0x590
   ip_output+0x63/0x110

Mentioned commits changed the code path in vxlan_xmit_one and as a side
effect the sock4/6 pointer validity checks in vxlan(6)_get_route were
lost. Fix this by adding back checks.

Since both commits being fixed were released in the same version (v6.7)
and are strongly related, bundle the fixes in a single commit.
Comment 1 Vipul Nair 2025-12-24 13:17:09 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122455-CVE-2025-68353-8704@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.