vulnerability

Alma Linux: CVE-2025-21867: Important: kernel security update (ALSA-2025-13962)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Aug 18, 2025	Aug 25, 2025	Aug 25, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Aug 18, 2025

Added

Aug 25, 2025

Modified

Aug 25, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()

KMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The
cause of the issue was that eth_skb_pkt_type() accessed skb's data
that didn't contain an Ethernet header. This occurs when
bpf_prog_test_run_xdp() passes an invalid value as the user_data
argument to bpf_test_init().

Fix this by returning an error when user_data is less than ETH_HLEN in
bpf_test_init(). Additionally, remove the check for "if (user_size >
size)" as it is unnecessary.

[1]
BUG: KMSAN: use-after-free in eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]
BUG: KMSAN: use-after-free in eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165
eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]
eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165
__xdp_build_skb_from_frame+0x5a8/0xa50 net/core/xdp.c:635
xdp_recv_frames net/bpf/test_run.c:272 [inline]
xdp_test_run_batch net/bpf/test_run.c:361 [inline]
bpf_test_run_xdp_live+0x2954/0x3330 net/bpf/test_run.c:390
bpf_prog_test_run_xdp+0x148e/0x1b10 net/bpf/test_run.c:1318
bpf_prog_test_run+0x5b7/0xa30 kernel/bpf/syscall.c:4371
__sys_bpf+0x6a6/0xe20 kernel/bpf/syscall.c:5777
__do_sys_bpf kernel/bpf/syscall.c:5866 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5864 [inline]
__x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:5864
x64_sys_call+0x2ea0/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:322
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
free_pages_prepare mm/page_alloc.c:1056 [inline]
free_unref_page+0x156/0x1320 mm/page_alloc.c:2657
__free_pages+0xa3/0x1b0 mm/page_alloc.c:4838
bpf_ringbuf_free kernel/bpf/ringbuf.c:226 [inline]
ringbuf_map_free+0xff/0x1e0 kernel/bpf/ringbuf.c:235
bpf_map_free kernel/bpf/syscall.c:838 [inline]
bpf_map_free_deferred+0x17c/0x310 kernel/bpf/syscall.c:862
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa2b/0x1b60 kernel/workqueue.c:3310
worker_thread+0xedf/0x1550 kernel/workqueue.c:3391
kthread+0x535/0x6b0 kernel/kthread.c:389
ret_from_fork+0x6e/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

CPU: 1 UID: 0 PID: 17276 Comm: syz.1.16450 Not tainted 6.12.0-05490-g9bb88c659673 #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014

Solutions

alma-upgrade-kernelalma-upgrade-kernel-64kalma-upgrade-kernel-64k-corealma-upgrade-kernel-64k-debugalma-upgrade-kernel-64k-debug-corealma-upgrade-kernel-64k-debug-develalma-upgrade-kernel-64k-debug-devel-matchedalma-upgrade-kernel-64k-debug-modulesalma-upgrade-kernel-64k-debug-modules-corealma-upgrade-kernel-64k-debug-modules-extraalma-upgrade-kernel-64k-develalma-upgrade-kernel-64k-devel-matchedalma-upgrade-kernel-64k-modulesalma-upgrade-kernel-64k-modules-corealma-upgrade-kernel-64k-modules-extraalma-upgrade-kernel-abi-stablelistsalma-upgrade-kernel-corealma-upgrade-kernel-cross-headersalma-upgrade-kernel-debugalma-upgrade-kernel-debug-corealma-upgrade-kernel-debug-develalma-upgrade-kernel-debug-devel-matchedalma-upgrade-kernel-debug-modulesalma-upgrade-kernel-debug-modules-corealma-upgrade-kernel-debug-modules-extraalma-upgrade-kernel-debug-uki-virtalma-upgrade-kernel-develalma-upgrade-kernel-devel-matchedalma-upgrade-kernel-docalma-upgrade-kernel-headersalma-upgrade-kernel-modulesalma-upgrade-kernel-modules-corealma-upgrade-kernel-modules-extraalma-upgrade-kernel-rtalma-upgrade-kernel-rt-64kalma-upgrade-kernel-rt-64k-corealma-upgrade-kernel-rt-64k-debugalma-upgrade-kernel-rt-64k-debug-corealma-upgrade-kernel-rt-64k-debug-develalma-upgrade-kernel-rt-64k-debug-modulesalma-upgrade-kernel-rt-64k-debug-modules-corealma-upgrade-kernel-rt-64k-debug-modules-extraalma-upgrade-kernel-rt-64k-develalma-upgrade-kernel-rt-64k-modulesalma-upgrade-kernel-rt-64k-modules-corealma-upgrade-kernel-rt-64k-modules-extraalma-upgrade-kernel-rt-corealma-upgrade-kernel-rt-debugalma-upgrade-kernel-rt-debug-corealma-upgrade-kernel-rt-debug-develalma-upgrade-kernel-rt-debug-kvmalma-upgrade-kernel-rt-debug-modulesalma-upgrade-kernel-rt-debug-modules-corealma-upgrade-kernel-rt-debug-modules-extraalma-upgrade-kernel-rt-develalma-upgrade-kernel-rt-kvmalma-upgrade-kernel-rt-modulesalma-upgrade-kernel-rt-modules-corealma-upgrade-kernel-rt-modules-extraalma-upgrade-kernel-toolsalma-upgrade-kernel-tools-libsalma-upgrade-kernel-tools-libs-develalma-upgrade-kernel-uki-virtalma-upgrade-kernel-uki-virt-addonsalma-upgrade-kernel-zfcpdumpalma-upgrade-kernel-zfcpdump-corealma-upgrade-kernel-zfcpdump-develalma-upgrade-kernel-zfcpdump-devel-matchedalma-upgrade-kernel-zfcpdump-modulesalma-upgrade-kernel-zfcpdump-modules-corealma-upgrade-kernel-zfcpdump-modules-extraalma-upgrade-libperfalma-upgrade-perfalma-upgrade-python3-perfalma-upgrade-rtlaalma-upgrade-rv

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today