{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T07:44:13.158","vulnerabilities":[{"cve":{"id":"CVE-2025-21653","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-01-19T11:15:10.940","lastModified":"2025-11-03T21:19:02.383","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute\n\nsyzbot found that TCA_FLOW_RSHIFT attribute was not validated.\nRight shitfing a 32bit integer is undefined for large shift values.\n\nUBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23\nshift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int')\nCPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: ipv6_addrconf addrconf_dad_work\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:94 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n  ubsan_epilogue lib/ubsan.c:231 [inline]\n  __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468\n  flow_classify+0x24d5/0x25b0 net/sched/cls_flow.c:329\n  tc_classify include/net/tc_wrapper.h:197 [inline]\n  __tcf_classify net/sched/cls_api.c:1771 [inline]\n  tcf_classify+0x420/0x1160 net/sched/cls_api.c:1867\n  sfb_classify net/sched/sch_sfb.c:260 [inline]\n  sfb_enqueue+0x3ad/0x18b0 net/sched/sch_sfb.c:318\n  dev_qdisc_enqueue+0x4b/0x290 net/core/dev.c:3793\n  __dev_xmit_skb net/core/dev.c:3889 [inline]\n  __dev_queue_xmit+0xf0e/0x3f50 net/core/dev.c:4400\n  dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n  neigh_hh_output include/net/neighbour.h:523 [inline]\n  neigh_output include/net/neighbour.h:537 [inline]\n  ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236\n  iptunnel_xmit+0x55d/0x9b0 net/ipv4/ip_tunnel_core.c:82\n  udp_tunnel_xmit_skb+0x262/0x3b0 net/ipv4/udp_tunnel_core.c:173\n  geneve_xmit_skb drivers/net/geneve.c:916 [inline]\n  geneve_xmit+0x21dc/0x2d00 drivers/net/geneve.c:1039\n  __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n  netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n  xmit_one net/core/dev.c:3590 [inline]\n  dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606\n  __dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net_sched: cls_flow: validar el atributo TCA_FLOW_RSHIFT syzbot encontró que el atributo TCA_FLOW_RSHIFT no estaba validado. El uso de un entero de 32 bits con valores de desplazamiento grandes no está definido. UBSAN: cambio fuera de los límites en net/sched/cls_flow.c:329:23 El exponente de cambio 9445 es demasiado grande para el tipo de 32 bits 'u32' (también conocido como 'unsigned int') CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 No contaminado 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 Cola de trabajo: ipv6_addrconf addrconf_dad_work Seguimiento de llamadas:  __dump_stack lib/dump_stack.c:94 [en línea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [en línea] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 flow_classify+0x24d5/0x25b0 net/sched/cls_flow.c:329 tc_classify include/net/tc_wrapper.h:197 [en línea] __tcf_classify net/sched/cls_api.c:1771 [en línea] tcf_classify+0x420/0x1160 net/sched/cls_api.c:1867 sfb_classify net/sched/sch_sfb.c:260 [en línea] sfb_enqueue+0x3ad/0x18b0 net/sched/sch_sfb.c:318 dev_qdisc_enqueue+0x4b/0x290 net/core/dev.c:3793 __dev_xmit_skb net/core/dev.c:3889 [en línea] __dev_queue_xmit+0xf0e/0x3f50 net/core/dev.c:4400 dev_queue_xmit include/linux/netdevice.h:3168 [en línea] neigh_hh_output include/net/neighbour.h:523 [en línea] neigh_output include/net/neighbour.h:537 [en línea] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 iptunnel_xmit+0x55d/0x9b0 net/ipv4/ip_tunnel_core.c:82 udp_tunnel_xmit_skb+0x262/0x3b0 net/ipv4/udp_tunnel_core.c:173 geneve_xmit_skb drivers/net/geneve.c:916 [en línea] geneve_xmit+0x21dc/0x2d00 drivers/net/geneve.c:1039 __netdev_start_xmit include/linux/netdevice.h:5002 [en línea] netdev_start_xmit include/linux/netdevice.h:5011 [en línea] xmit_one net/core/dev.c:3590 [en línea] dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606 __dev_queue_xmit+0x1b73/0x3f50 red/núcleo/dev.c:4434"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"5.4.290","matchCriteriaId":"70081DE2-4539-494D-B69A-DFD1AB86B595"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.234","matchCriteriaId":"F732162B-ED7E-4367-A5C2-B24FD9B0D33B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.177","matchCriteriaId":"71A3AFDC-A3CA-454F-8917-E998BBDE36F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.125","matchCriteriaId":"9AFD566B-ECC6-46F1-92F7-12A615D5685F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.72","matchCriteriaId":"33E12097-C88A-45B4-9677-2A961A08DD3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.10","matchCriteriaId":"02D604F6-10D1-4F7B-A022-0888406A1121"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*","matchCriteriaId":"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*","matchCriteriaId":"5A073481-106D-4B15-B4C7-FB0213B8E1D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*","matchCriteriaId":"DE491969-75AE-4A6B-9A58-8FC5AF98798F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*","matchCriteriaId":"93C0660D-7FB8-4FBA-892A-B064BA71E49E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*","matchCriteriaId":"034C36A6-C481-41F3-AE9A-D116E5BE6895"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*","matchCriteriaId":"8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2011749ca96460386844dfc7e0fde53ebee96f3c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/43658e4a5f2770ad94e93362885ff51c10cf3179","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6fde663f7321418996645ee602a473457640542f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9858f4afeb2e59506e714176bd3e135539a3eeec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a039e54397c6a75b713b9ce7894a62e06956aa92","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a313d6e6d5f3a631cae5a241c392c28868aa5c5e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e54beb9aed2a90dddf4c5d68fcfc9a01f3e40a61","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}