CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy

First published: Sun Jan 19 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.rto_min/max' is used.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/first-publish-date
• agent/type
• agent/title
• agent/author
• agent/description
• agent/source
• collector/epss-latest
• source/FIRST
• agent/epss
• collector/mitre-cve
• source/MITRE
• agent/references
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• agent/remedy
• agent/weakness
• agent/severity
• agent/softwarecombine
• agent/last-modified-date
• agent/event
• agent/tags
• collector/nvd-api
• source/NVD
• vendor/linux
• canonical/linux kernel
• version/linux kernel/3.13
• version/linux kernel/6.2
• version/linux kernel/6.7
• version/linux kernel/6.13-rc1
• version/linux kernel/6.13-rc2
• version/linux kernel/6.13-rc3
• version/linux kernel/6.13-rc4
• version/linux kernel/6.13-rc5
• version/linux kernel/6.13-rc6