THREATOPS
THREAT OPSThreat News › [NVD] CVE-2025-21760 (HIGH 7.8) — In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.

[NVD] CVE-2025-21760 (HIGH 7.8) — In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.

lownvdPublished 2025-02-27

CVE-2025-21760 CVSS: 7.8 HIGH Published: 2025-02-27T03:15:16.653

In the Linux kernel, the following vulnerability has been resolved:

ndisc: extend RCU protection in ndisc_send_skb()

ndisc_send_skb() can be called without RTNL or RCU held.

Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-21760