CVE-2025-21972

Published: Apr 1, 2025Modified: Oct 31, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net: mctp: unshare packets when reassembling Ensure that the frag_list used for reassembly isn't shared with other packets. This avoids incorrect reassembly when packets are cloned, and prevents a memory leak due to circular references between fragments and their skb_shared_info. The upcoming MCTP-over-USB driver uses skb_clone which can trigger the problem - other MCTP drivers don't share SKBs. A kunit test is added to reproduce the issue.

Affected (8)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.15 to 6.12.20
Linux Linux Kernel	From 6.13 to 6.13.8
Linux Linux Kernel	Version 6.14 rc1
Linux Linux Kernel	Version 6.14 rc2
Linux Linux Kernel	Version 6.14 rc3
Linux Linux Kernel	Version 6.14 rc4
Linux Linux Kernel	Version 6.14 rc5
Linux Linux Kernel	Version 6.14 rc6

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (3)

https://git.kernel.org/stable/c/5c47d5bfa7b096cf8890afac32141c578583f8e0

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/f44fff3d3c6cd67b6f348b821d73c4d6888c7a6e

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/f5d83cf0eeb90fade4d5c4d17d24b8bee9ceeecc

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.