Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer dereference in l3mdev_l3_rcv When delete l3s ipvlan: ip link del link eth0 ipvlan1 type ipvlan mode l3s This may cause a null pointer dereference: Call trace: ip_rcv_finish+0x48/0xd0 ip_rcv+0x5c/0x100 __netif_receive_skb_one_core+0x64/0xb0 __netif_receive_skb+0x20/0x80 process_backlog+0xb4/0x204 napi_poll+0xe8/0x294 net_rx_action+0xd8/0x22c __do_softirq+0x12c/0x354 This is because l3mdev_l3_rcv() visit dev->l3mdev_ops after ipvlan_l3s_unregister() assign the dev->l3mdev_ops to NULL. The process like this: (CPU1) | (CPU2) l3mdev_l3_rcv() | check dev->priv_flags: | master = skb->dev; | | | ipvlan_l3s_unregister() | set dev->priv_flags | dev->l3mdev_ops = NULL; | visit master->l3mdev_ops | To avoid this by do not set dev->l3mdev_ops when unregister l3s ipvlan.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.1, < 6.12.46 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/0032c99e83b9ce6d5995d65900aa4b6ffb501ccePatch
- https://git.kernel.org/stable/c/52b44d8c653459c658b733d13658afdde45f6836
- https://git.kernel.org/stable/c/59599bce44af3df7a215ebc81cb166426e1c9204Patch
- https://git.kernel.org/stable/c/f9dff65140efc289f01bcf39c3ca66a8806b6132Patch
FAQ
What is CVE-2025-22103?
CVE-2025-22103 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer dereference in l3mdev_l3_rcv When delete l3s ipvlan: ip link del link eth0 ipvlan1 type ipvlan mode l3s...
How severe is CVE-2025-22103?
CVE-2025-22103 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-22103?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.