{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T22:27:19.464","vulnerabilities":[{"cve":{"id":"CVE-2025-21812","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-02-27T20:16:03.783","lastModified":"2025-11-03T21:19:12.060","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nax25: rcu protect dev->ax25_ptr\n\nsyzbot found a lockdep issue [1].\n\nWe should remove ax25 RTNL dependency in ax25_setsockopt()\n\nThis should also fix a variety of possible UAF in ax25.\n\n[1]\n\nWARNING: possible circular locking dependency detected\n6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted\n------------------------------------------------------\nsyz.5.1818\/12806 is trying to acquire lock:\n ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55\/0xe90 net\/ax25\/af_ax25.c:680\n\nbut task is already holding lock:\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include\/net\/sock.h:1618 [inline]\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209\/0xe90 net\/ax25\/af_ax25.c:574\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (sk_lock-AF_AX25){+.+.}-{0:0}:\n        lock_acquire+0x1ed\/0x550 kernel\/locking\/lockdep.c:5849\n        lock_sock_nested+0x48\/0x100 net\/core\/sock.c:3642\n        lock_sock include\/net\/sock.h:1618 [inline]\n        ax25_kill_by_device net\/ax25\/af_ax25.c:101 [inline]\n        ax25_device_event+0x24d\/0x580 net\/ax25\/af_ax25.c:146\n        notifier_call_chain+0x1a5\/0x3f0 kernel\/notifier.c:85\n       __dev_notify_flags+0x207\/0x400\n        dev_change_flags+0xf0\/0x1a0 net\/core\/dev.c:9026\n        dev_ifsioc+0x7c8\/0xe70 net\/core\/dev_ioctl.c:563\n        dev_ioctl+0x719\/0x1340 net\/core\/dev_ioctl.c:820\n        sock_do_ioctl+0x240\/0x460 net\/socket.c:1234\n        sock_ioctl+0x626\/0x8e0 net\/socket.c:1339\n        vfs_ioctl fs\/ioctl.c:51 [inline]\n        __do_sys_ioctl fs\/ioctl.c:906 [inline]\n        __se_sys_ioctl+0xf5\/0x170 fs\/ioctl.c:892\n        do_syscall_x64 arch\/x86\/entry\/common.c:52 [inline]\n        do_syscall_64+0xf3\/0x230 arch\/x86\/entry\/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77\/0x7f\n\n-> #0 (rtnl_mutex){+.+.}-{4:4}:\n        check_prev_add kernel\/locking\/lockdep.c:3161 [inline]\n        check_prevs_add kernel\/locking\/lockdep.c:3280 [inline]\n        validate_chain+0x18ef\/0x5920 kernel\/locking\/lockdep.c:3904\n        __lock_acquire+0x1397\/0x2100 kernel\/locking\/lockdep.c:5226\n        lock_acquire+0x1ed\/0x550 kernel\/locking\/lockdep.c:5849\n        __mutex_lock_common kernel\/locking\/mutex.c:585 [inline]\n        __mutex_lock+0x1ac\/0xee0 kernel\/locking\/mutex.c:735\n        ax25_setsockopt+0xa55\/0xe90 net\/ax25\/af_ax25.c:680\n        do_sock_setsockopt+0x3af\/0x720 net\/socket.c:2324\n        __sys_setsockopt net\/socket.c:2349 [inline]\n        __do_sys_setsockopt net\/socket.c:2355 [inline]\n        __se_sys_setsockopt net\/socket.c:2352 [inline]\n        __x64_sys_setsockopt+0x1ee\/0x280 net\/socket.c:2352\n        do_syscall_x64 arch\/x86\/entry\/common.c:52 [inline]\n        do_syscall_64+0xf3\/0x230 arch\/x86\/entry\/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77\/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(sk_lock-AF_AX25);\n                               lock(rtnl_mutex);\n                               lock(sk_lock-AF_AX25);\n  lock(rtnl_mutex);\n\n *** DEADLOCK ***\n\n1 lock held by syz.5.1818\/12806:\n  #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include\/net\/sock.h:1618 [inline]\n  #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209\/0xe90 net\/ax25\/af_ax25.c:574\n\nstack backtrace:\nCPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0\nHardware name: Google Google Compute Engine\/Google Compute Engine, BIOS Google 09\/13\/2024\nCall Trace:\n <TASK>\n  __dump_stack lib\/dump_stack.c:94 [inline]\n  dump_stack_lvl+0x241\/0x360 lib\/dump_stack.c:120\n  print_circular_bug+0x13a\/0x1b0 kernel\/locking\/lockdep.c:2074\n  check_noncircular+0x36a\/0x4a0 kernel\/locking\/lockdep.c:2206\n  check_prev_add kernel\/locking\/lockdep.c:3161 [inline]\n  check_prevs_add kernel\/lockin\n---truncated---"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ax25: rcu protect dev-&gt;ax25_ptr syzbot encontró un problema de lockdep [1]. Deberíamos eliminar la dependencia RTNL de ax25 en ax25_setsockopt(). Esto también debería solucionar una variedad de posibles UAF en ax25. [1] ADVERTENCIA: se detectó una posible dependencia de bloqueo circular 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted ------------------------------------------------------ syz.5.1818\/12806 is trying to acquire lock: ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55\/0xe90 net\/ax25\/af_ax25.c:680 but task is already holding lock: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include\/net\/sock.h:1618 [inline] ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209\/0xe90 net\/ax25\/af_ax25.c:574 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -&gt; #1 (sk_lock-AF_AX25){+.+.}-{0:0}: lock_acquire+0x1ed\/0x550 kernel\/locking\/lockdep.c:5849 lock_sock_nested+0x48\/0x100 net\/core\/sock.c:3642 lock_sock include\/net\/sock.h:1618 [inline] ax25_kill_by_device net\/ax25\/af_ax25.c:101 [inline] ax25_device_event+0x24d\/0x580 net\/ax25\/af_ax25.c:146 notifier_call_chain+0x1a5\/0x3f0 kernel\/notifier.c:85 __dev_notify_flags+0x207\/0x400 dev_change_flags+0xf0\/0x1a0 net\/core\/dev.c:9026 dev_ifsioc+0x7c8\/0xe70 net\/core\/dev_ioctl.c:563 dev_ioctl+0x719\/0x1340 net\/core\/dev_ioctl.c:820 sock_do_ioctl+0x240\/0x460 net\/socket.c:1234 sock_ioctl+0x626\/0x8e0 net\/socket.c:1339 vfs_ioctl fs\/ioctl.c:51 [inline] __do_sys_ioctl fs\/ioctl.c:906 [inline] __se_sys_ioctl+0xf5\/0x170 fs\/ioctl.c:892 do_syscall_x64 arch\/x86\/entry\/common.c:52 [inline] do_syscall_64+0xf3\/0x230 arch\/x86\/entry\/common.c:83 entry_SYSCALL_64_after_hwframe+0x77\/0x7f -&gt; #0 (rtnl_mutex){+.+.}-{4:4}: check_prev_add kernel\/locking\/lockdep.c:3161 [inline] check_prevs_add kernel\/locking\/lockdep.c:3280 [inline] validate_chain+0x18ef\/0x5920 kernel\/locking\/lockdep.c:3904 __lock_acquire+0x1397\/0x2100 kernel\/locking\/lockdep.c:5226 lock_acquire+0x1ed\/0x550 kernel\/locking\/lockdep.c:5849 __mutex_lock_common kernel\/locking\/mutex.c:585 [inline] __mutex_lock+0x1ac\/0xee0 kernel\/locking\/mutex.c:735 ax25_setsockopt+0xa55\/0xe90 net\/ax25\/af_ax25.c:680 do_sock_setsockopt+0x3af\/0x720 net\/socket.c:2324 __sys_setsockopt net\/socket.c:2349 [inline] __do_sys_setsockopt net\/socket.c:2355 [inline] __se_sys_setsockopt net\/socket.c:2352 [inline] __x64_sys_setsockopt+0x1ee\/0x280 net\/socket.c:2352 do_syscall_x64 arch\/x86\/entry\/common.c:52 [inline] do_syscall_64+0xf3\/0x230 arch\/x86\/entry\/common.c:83 entry_SYSCALL_64_after_hwframe+0x77\/0x7f other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sk_lock-AF_AX25); lock(rtnl_mutex); lock(sk_lock-AF_AX25); lock(rtnl_mutex); *** DEADLOCK *** 1 lock held by syz.5.1818\/12806: #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include\/net\/sock.h:1618 [inline] #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209\/0xe90 net\/ax25\/af_ax25.c:574 stack backtrace: CPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Hardware name: Google Google Compute Engine\/Google Compute Engine, BIOS Google 09\/13\/2024 Call Trace:  __dump_stack lib\/dump_stack.c:94 [inline] dump_stack_lvl+0x241\/0x360 lib\/dump_stack.c:120 print_circular_bug+0x13a\/0x1b0 kernel\/locking\/lockdep.c:2074 check_noncircular+0x36a\/0x4a0 kernel\/locking\/lockdep.c:2206 check_prev_add kernel\/locking\/lockdep.c:3161 [inline] check_prevs_add kernel\/lockin ---truncated--- "}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.132","versionEndExcluding":"3.19","matchCriteriaId":"FB301D8A-4CE6-493F-94B4-AFA5737C1EC1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.170","versionEndExcluding":"4.5","matchCriteriaId":"6D2CF938-4FA1-416D-AC49-F221731F57ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.149","versionEndExcluding":"4.10","matchCriteriaId":"2190C728-9805-46C1-BD8D-005E50F0EEB9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.92","versionEndExcluding":"4.15","matchCriteriaId":"38A1AC7C-17D5-4E10-97A0-ED3637CD9D40"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.14","versionEndExcluding":"4.20","matchCriteriaId":"9C3378FE-6F2A-4485-958F-60A3779C280F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20.1","versionEndExcluding":"6.1.129","matchCriteriaId":"F12C53B3-1DD7-47D6-857F-A60A2DB0DF0A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.76","matchCriteriaId":"A6D70701-9CB6-4222-A957-00A419878993"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.13","matchCriteriaId":"2897389C-A8C3-4D69-90F2-E701B3D66373"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.2","matchCriteriaId":"6D4116B1-1BFD-4F23-BA84-169CC05FC5A3"}]}]}],"references":[{"url":"https:\/\/git.kernel.org\/stable\/c\/2802ed4ced27ebd474828fc67ffd7d66f11e3605","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/7705d8a7f2c26c80973c81093db07c6022b2b30e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/8937f5e38a218531dce2a89fae60e3adcc2311e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/95fc45d1dea8e1253f8ec58abc5befb71553d666","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/c2531db6de3c95551be58878f859c6a053b7eb2e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/lists.debian.org\/debian-lts-announce\/2025\/03\/msg00028.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}