CVE-2025-21758

ipv6: mcast: add RCU protection to mld_newpack()

EPSS 13.6%
In short

A race condition in the Linux kernel's IPv6 multicast code: the mld_newpack() function could be called without proper synchronization protection, potentially causing memory corruption or crashes when multiple threads access it simultaneously.

Technical detail

The mld_newpack() function in the IPv6 multicast code could be called with neither the RTNL lock nor RCU (Read-Copy-Update) protection held while it allocated a socket buffer and charged it to the net->ipv6.igmp_sk socket, which creates a race condition under concurrent calls. The fix charges the socket under RCU protection and replaces sock_alloc_send_skb() with alloc_skb(): the former performs GFP_KERNEL allocations that can sleep, and sleeping is not allowed inside an RCU read-side critical section. This prevents data structure inconsistency and a potential kernel panic.

Summary generated and translated by AI from the official description.

In the Linux kernel, the following vulnerability has been resolved:

ipv6: mcast: add RCU protection to mld_newpack()

mld_newpack() can be called without RTNL or RCU being held.

Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.

Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection.

Affected products
Linux · Linux