Vulnerability Details CVE-2025-21641
In the Linux kernel, the following vulnerability has been resolved:
mptcp: sysctl: blackhole timeout: avoid using current->nsproxy
As mentioned in the previous commit, using the 'net' structure via
'current' is not recommended for different reasons:
- Inconsistency: getting info from the reader's/writer's netns vs only
from the opener's netns.
- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
(null-ptr-deref), e.g. when the current task is exiting, as spotted by
syzbot [1] using acct(2).
The 'pernet' structure can be obtained from the table->data using
container_of().
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.0%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2025-21641
-
cpe:2.3:o:linux:linux_kernel:6.12
-
cpe:2.3:o:linux:linux_kernel:6.12.1
-
cpe:2.3:o:linux:linux_kernel:6.12.2
-
cpe:2.3:o:linux:linux_kernel:6.12.3
-
cpe:2.3:o:linux:linux_kernel:6.12.4
-
cpe:2.3:o:linux:linux_kernel:6.12.5
-
cpe:2.3:o:linux:linux_kernel:6.12.6
-
cpe:2.3:o:linux:linux_kernel:6.12.7
-
cpe:2.3:o:linux:linux_kernel:6.12.8
-
cpe:2.3:o:linux:linux_kernel:6.12.9
-
cpe:2.3:o:linux:linux_kernel:6.13