THREAT OPS › Threat News › [NVD] CVE-2025-21760 (HIGH 7.8) — In the Linux kernel, the following vulnerability has been resolved:
ndisc: extend RCU protection in ndisc_send_skb()
ndisc_send_skb() can be called without RTNL or RCU held.
Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu()
and avoid a potential UAF.
[NVD] CVE-2025-21760 (HIGH 7.8) — In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.
CVE-2025-21760 CVSS: 7.8 HIGH Published: 2025-02-27T03:15:16.653
In the Linux kernel, the following vulnerability has been resolved:
ndisc: extend RCU protection in ndisc_send_skb()
ndisc_send_skb() can be called without RTNL or RCU held.
Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.
Indicators of compromise
- CVE-2025-21760cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-21760