CVE-2025-21669: vsock/virtio: discard packets if the transport changes
First published: Fri Jan 31 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause issues when we access vsk->transport. A possible scenario is described by Hyunwoo Kim in the attached link, where after a first connect() interrupted by a signal, and a second connect() failed, we can find `vsk->transport` at NULL, leading to a NULL pointer dereference.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=5.5<5.15.177 | |
| Linux Kernel | >=5.16<6.1.127 | |
| Linux Kernel | >=6.2<6.6.74 | |
| Linux Kernel | >=6.7<6.12.11 | |
| Linux Kernel | =6.13-rc1 | |
| Linux Kernel | =6.13-rc2 | |
| Linux Kernel | =6.13-rc3 | |
| Linux Kernel | =6.13-rc4 | |
| Linux Kernel | =6.13-rc5 | |
| Linux Kernel | =6.13-rc6 | |
| Linux Kernel | =6.13-rc7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/18a7fc371d1dbf8deff16c2dd9292bcc73f43040
- https://git.kernel.org/stable/c/6486915fa661584d70e8e7e4068c6c075c67dd6d
- https://git.kernel.org/stable/c/88244163bc7e7b0ce9dd7bf4c8a563b41525c3ee
- https://git.kernel.org/stable/c/d88b249e14bd0ee1e46bbe4f456e22e01b8c68de
- https://git.kernel.org/stable/c/677579b641af109613564460a4e3bdcb16850b61
- https://git.kernel.org/stable/c/2cb7c756f605ec02ffe562fb26828e4bcc5fdfc1
Frequently Asked Questions
What is the severity of CVE-2025-21669?
The severity of CVE-2025-21669 has not been explicitly defined but it addresses a critical issue related to socket management in the Linux kernel.
How do I fix CVE-2025-21669?
To fix CVE-2025-21669, update your Linux kernel to a version higher than 5.15.177, 6.1.127, 6.6.74, 6.12.11, or any 6.13 release candidate.
Which versions of the Linux kernel are affected by CVE-2025-21669?
CVE-2025-21669 affects Linux kernel versions between 5.5 and 5.15.177, 5.16 and 6.1.127, 6.2 and 6.6.74, 6.7 and 6.12.11, as well as various release candidates of 6.13.
What type of vulnerability is CVE-2025-21669?
CVE-2025-21669 is a network vulnerability related to the handling of vsock/virtio packets in the Linux kernel.
What consequences could arise if CVE-2025-21669 is exploited?
Exploitation of CVE-2025-21669 could lead to unexpected behavior and issues in packet handling due to mishandled socket assignments.
- agent/type
- agent/description
- agent/weakness
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/references
- agent/title
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.5
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13-rc1
- version/linux kernel/6.13-rc2
- version/linux kernel/6.13-rc3
- version/linux kernel/6.13-rc4
- version/linux kernel/6.13-rc5
- version/linux kernel/6.13-rc6
- version/linux kernel/6.13-rc7