vulnerability

Ubuntu: (Multiple Advisories) (CVE-2025-21891): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Mar 27, 2025	May 21, 2025	Oct 16, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Mar 27, 2025

Added

May 21, 2025

Modified

Oct 16, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ipvlan: ensure network headers are in skb linear part

syzbot found that ipvlan_process_v6_outbound() was assuming
the IPv6 network header isis present in skb->head [1]

Add the needed pskb_network_may_pull() calls for both
IPv4 and IPv6 handlers.

[1]
BUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47
__ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47
ipv6_addr_type include/net/ipv6.h:555 [inline]
ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]
ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651
ip6_route_output include/net/ip6_route.h:93 [inline]
ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476
ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]
ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671
ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223
__netdev_start_xmit include/linux/netdevice.h:5150 [inline]
netdev_start_xmit include/linux/netdevice.h:5159 [inline]
xmit_one net/core/dev.c:3735 [inline]
dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751
sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343
qdisc_restart net/sched/sch_generic.c:408 [inline]
__qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416
qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127
net_tx_action+0x78b/0x940 net/core/dev.c:5484
handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561
__do_softirq+0x14/0x1a kernel/softirq.c:595
do_softirq+0x9a/0x100 kernel/softirq.c:462
__local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]
__dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611
dev_queue_xmit include/linux/netdevice.h:3311 [inline]
packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3132 [inline]
packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164
sock_sendmsg_nosec net/socket.c:718 [inline]

Solutions

ubuntu-upgrade-linux-image-6-11-0-1010-realtimeubuntu-upgrade-linux-image-6-11-0-1013-raspiubuntu-upgrade-linux-image-6-11-0-1014-awsubuntu-upgrade-linux-image-6-11-0-1014-lowlatencyubuntu-upgrade-linux-image-6-11-0-1014-lowlatency-64kubuntu-upgrade-linux-image-6-11-0-1015-azureubuntu-upgrade-linux-image-6-11-0-1015-azure-fdeubuntu-upgrade-linux-image-6-11-0-1015-gcpubuntu-upgrade-linux-image-6-11-0-1015-gcp-64kubuntu-upgrade-linux-image-6-11-0-1016-oracleubuntu-upgrade-linux-image-6-11-0-1016-oracle-64kubuntu-upgrade-linux-image-6-11-0-1022-oemubuntu-upgrade-linux-image-6-11-0-26-genericubuntu-upgrade-linux-image-6-11-0-26-generic-64kubuntu-upgrade-linux-image-6-8-0-1023-gkeopubuntu-upgrade-linux-image-6-8-0-1025-azure-nvidiaubuntu-upgrade-linux-image-6-8-0-1036-azureubuntu-upgrade-linux-image-6-8-0-1036-azure-fdeubuntu-upgrade-linux-image-6-8-0-1036-gkeubuntu-upgrade-linux-image-6-8-0-1036-gke-64kubuntu-upgrade-linux-image-6-8-0-1037-ibmubuntu-upgrade-linux-image-6-8-0-1037-oracleubuntu-upgrade-linux-image-6-8-0-1037-oracle-64kubuntu-upgrade-linux-image-6-8-0-1038-azureubuntu-upgrade-linux-image-6-8-0-1038-azure-fdeubuntu-upgrade-linux-image-6-8-0-1039-awsubuntu-upgrade-linux-image-6-8-0-1039-aws-64kubuntu-upgrade-linux-image-6-8-0-1039-nvidiaubuntu-upgrade-linux-image-6-8-0-1039-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1039-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1039-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1039-raspiubuntu-upgrade-linux-image-6-8-0-1040-gcpubuntu-upgrade-linux-image-6-8-0-1040-gcp-64kubuntu-upgrade-linux-image-6-8-0-2031-raspi-realtimeubuntu-upgrade-linux-image-6-8-0-84-genericubuntu-upgrade-linux-image-6-8-0-84-generic-64kubuntu-upgrade-linux-image-6-8-0-84-lowlatencyubuntu-upgrade-linux-image-6-8-0-84-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-85-genericubuntu-upgrade-linux-image-6-8-0-85-generic-64kubuntu-upgrade-linux-image-6-8-1-1034-realtimeubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-6-8ubuntu-upgrade-linux-image-aws-64kubuntu-upgrade-linux-image-aws-64k-6-8ubuntu-upgrade-linux-image-aws-64k-lts-24-04ubuntu-upgrade-linux-image-aws-lts-24-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-6-8ubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-azure-fde-6-8ubuntu-upgrade-linux-image-azure-fde-lts-24-04ubuntu-upgrade-linux-image-azure-lts-24-04ubuntu-upgrade-linux-image-azure-nvidiaubuntu-upgrade-linux-image-azure-nvidia-6-8ubuntu-upgrade-linux-image-azure-nvidia-lts-24-04ubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-6-8ubuntu-upgrade-linux-image-gcp-64kubuntu-upgrade-linux-image-gcp-64k-6-8ubuntu-upgrade-linux-image-gcp-64k-lts-24-04ubuntu-upgrade-linux-image-gcp-lts-24-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-6-8ubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-6-8ubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-6-8ubuntu-upgrade-linux-image-gke-64kubuntu-upgrade-linux-image-gke-64k-6-8ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-6-8ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-6-8ubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-6-8ubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-6-8ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-24-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04ubuntu-upgrade-linux-image-nvidia-hwe-22-04ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-6-8ubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-nvidia-lowlatency-64k-6-8ubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oem-24-04bubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-6-8ubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-64k-6-8ubuntu-upgrade-linux-image-oracle-64k-lts-24-04ubuntu-upgrade-linux-image-oracle-lts-24-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-6-8ubuntu-upgrade-linux-image-raspi-realtimeubuntu-upgrade-linux-image-raspi-realtime-6-8ubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-realtime-6-8-1ubuntu-upgrade-linux-image-realtime-hwe-22-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-6-8ubuntu-upgrade-linux-image-virtual-hwe-22-04ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today