Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

neighbour: use RCU protection in __neigh_notify()

__neigh_notify() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.25, < 5.4.291 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/1cbb2aa90cd3fba15ad7efb5cdda28f3d1082379 (Patch)
- https://git.kernel.org/stable/c/40d8f2f2a373b6c294ffac394d2bb814b572ead1 (Patch)
- https://git.kernel.org/stable/c/559307d25235e24b5424778c7332451b6c741159 (Patch)
- https://git.kernel.org/stable/c/784eb2376270e086f7db136d154b8404edacf97b (Patch)
- https://git.kernel.org/stable/c/8666e9aab801328c1408a19fbf4070609dc0695a (Patch)
- https://git.kernel.org/stable/c/becbd5850c03ed33b232083dd66c6e38c0c0e569 (Patch)
- https://git.kernel.org/stable/c/cdd5c2a12ddad8a77ce1838ff9f29aa587de82df (Patch)
- https://git.kernel.org/stable/c/e1aed6be381bcd7f46d4ca9d7ef0f5f3d6a1be32 (Patch)
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
FAQ
What is CVE-2025-21763?
CVE-2025-21763 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify(). __neigh_notify() can be called without RTNL or RCU protection. Use RCU protecti...
How severe is CVE-2025-21763?
CVE-2025-21763 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-21763?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.