2348596 – (CVE-2025-21759) CVE-2025-21759 kernel: ipv6: mcast: extend RCU protection in igmp6_send()

Bug 2348596 (CVE-2025-21759) - CVE-2025-21759 kernel: ipv6: mcast: extend RCU protection in igmp6_send()

Summary: CVE-2025-21759 kernel: ipv6: mcast: extend RCU protection in igmp6_send()

Keywords:
Status:	NEW
Alias:	CVE-2025-21759
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-27 03:04 UTC by OSIDB Bzimport
Modified:	2025-10-20 13:26 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2025:13889	None	None	None	2025-08-14 11:49:32 UTC
Red Hat Product Errata	RHSA-2025:10371	None	None	None	2025-07-07 06:01:54 UTC
Red Hat Product Errata	RHSA-2025:10379	None	None	None	2025-07-07 08:17:50 UTC
Red Hat Product Errata	RHSA-2025:10829	None	None	None	2025-07-14 00:18:15 UTC
Red Hat Product Errata	RHSA-2025:10830	None	None	None	2025-07-14 00:22:12 UTC
Red Hat Product Errata	RHSA-2025:11245	None	None	None	2025-07-15 21:04:19 UTC
Red Hat Product Errata	RHSA-2025:12209	None	None	None	2025-07-29 16:55:19 UTC
Red Hat Product Errata	RHSA-2025:12311	None	None	None	2025-07-30 15:16:19 UTC
Red Hat Product Errata	RHSA-2025:13589	None	None	None	2025-08-11 09:45:20 UTC
Red Hat Product Errata	RHSA-2025:13590	None	None	None	2025-08-11 09:39:32 UTC
Red Hat Product Errata	RHSA-2025:14985	None	None	None	2025-09-02 01:47:00 UTC
Red Hat Product Errata	RHSA-2025:15656	None	None	None	2025-09-10 18:23:17 UTC
Red Hat Product Errata	RHSA-2025:15660	None	None	None	2025-09-11 01:48:52 UTC
Red Hat Product Errata	RHSA-2025:17124	None	None	None	2025-10-01 00:24:25 UTC

Description OSIDB Bzimport 2025-02-27 03:04:34 UTC

In the Linux kernel, the following vulnerability has been resolved:

ipv6: mcast: extend RCU protection in igmp6_send()

igmp6_send() can be called without RTNL or RCU being held.

Extend RCU protection so that we can safely fetch the net pointer
and avoid a potential UAF.

Note that we no longer can use sock_alloc_send_skb() because
ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.

Instead use alloc_skb() and charge the net->ipv6.igmp_sk
socket under RCU protection.

Comment 1 Michal Findra 2025-02-27 19:10:59 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2025-21759-ad7c@gregkh/T

Comment 5 errata-xmlrpc 2025-07-07 06:01:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:10371 https://access.redhat.com/errata/RHSA-2025:10371

Comment 6 errata-xmlrpc 2025-07-07 08:17:49 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:10379 https://access.redhat.com/errata/RHSA-2025:10379

Comment 7 errata-xmlrpc 2025-07-14 00:18:13 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:10829 https://access.redhat.com/errata/RHSA-2025:10829

Comment 8 errata-xmlrpc 2025-07-14 00:22:11 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:10830 https://access.redhat.com/errata/RHSA-2025:10830

Comment 9 errata-xmlrpc 2025-07-15 21:04:17 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:11245 https://access.redhat.com/errata/RHSA-2025:11245

Comment 10 errata-xmlrpc 2025-07-29 16:55:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:12209 https://access.redhat.com/errata/RHSA-2025:12209

Comment 11 errata-xmlrpc 2025-07-30 15:16:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:12311 https://access.redhat.com/errata/RHSA-2025:12311

Comment 13 errata-xmlrpc 2025-08-11 09:39:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:13590 https://access.redhat.com/errata/RHSA-2025:13590

Comment 14 errata-xmlrpc 2025-08-11 09:45:19 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:13589 https://access.redhat.com/errata/RHSA-2025:13589

Comment 18 errata-xmlrpc 2025-09-02 01:46:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:14985 https://access.redhat.com/errata/RHSA-2025:14985

Comment 19 errata-xmlrpc 2025-09-10 18:23:16 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:15656 https://access.redhat.com/errata/RHSA-2025:15656

Comment 20 errata-xmlrpc 2025-09-11 01:48:50 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:15660 https://access.redhat.com/errata/RHSA-2025:15660

Comment 21 errata-xmlrpc 2025-10-01 00:24:24 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:17124 https://access.redhat.com/errata/RHSA-2025:17124

Note You need to log in before you can comment on or make changes to this bug.