{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21638","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.727Z","datePublished":"2025-01-19T10:17:56.084Z","dateUpdated":"2025-11-03T20:58:17.877Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T13:06:00.778Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current->nsproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n  from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe 'net' structure can be obtained from the table->data using\ncontainer_of().\n\nNote that table->data could also be used directly, but that would\nincrease the size of this fix, while 'sctp.ctl_sock' still needs to be\nretrieved from 'net' structure."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sctp/sysctl.c"],"versions":[{"version":"b14878ccb7fac0242db82720b784ab62c467c0dc","lessThan":"cf387cdebfaebae228dfba162f94c567a67610c3","status":"affected","versionType":"git"},{"version":"b14878ccb7fac0242db82720b784ab62c467c0dc","lessThan":"dc583e7e5f8515ca489c0df28e4362a70eade382","status":"affected","versionType":"git"},{"version":"b14878ccb7fac0242db82720b784ab62c467c0dc","lessThan":"bd2a2939423566c654545fa3e96a656662a0af9e","status":"affected","versionType":"git"},{"version":"b14878ccb7fac0242db82720b784ab62c467c0dc","lessThan":"1b67030d39f2b00f94ac1f0af11ba6657589e4d3","status":"affected","versionType":"git"},{"version":"b14878ccb7fac0242db82720b784ab62c467c0dc","lessThan":"7ec30c54f339c640aa7e49d7e9f7bbed6bd42bf6","status":"affected","versionType":"git"},{"version":"b14878ccb7fac0242db82720b784ab62c467c0dc","lessThan":"c184bc621e3cef03ac9ba81a50dda2dae6a21d36","status":"affected","versionType":"git"},{"version":"b14878ccb7fac0242db82720b784ab62c467c0dc","lessThan":"15649fd5415eda664ef35780c2013adeb5d9c695","status":"affected","versionType":"git"},{"version":"e5eae4a0511241959498b180fa0df0d4f1b11b9c","status":"affected","versionType":"git"},{"version":"88830f227a1f96e44d82ddfcb0cc81d517ec6dd8","status":"affected","versionType":"git"},{"version":"3938b0336a93fa5faa242dc9e5823ac69df9e066","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sctp/sysctl.c"],"versions":[{"version":"3.15","status":"affected"},{"version":"0","lessThan":"3.15","status":"unaffected","versionType":"semver"},{"version":"5.4.292","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.234","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.177","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.125","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.72","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.10","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"5.4.292"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"5.10.234"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"5.15.177"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"6.1.125"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"6.6.72"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"6.12.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"6.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.41"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12.21"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/cf387cdebfaebae228dfba162f94c567a67610c3"},{"url":"https://git.kernel.org/stable/c/dc583e7e5f8515ca489c0df28e4362a70eade382"},{"url":"https://git.kernel.org/stable/c/bd2a2939423566c654545fa3e96a656662a0af9e"},{"url":"https://git.kernel.org/stable/c/1b67030d39f2b00f94ac1f0af11ba6657589e4d3"},{"url":"https://git.kernel.org/stable/c/7ec30c54f339c640aa7e49d7e9f7bbed6bd42bf6"},{"url":"https://git.kernel.org/stable/c/c184bc621e3cef03ac9ba81a50dda2dae6a21d36"},{"url":"https://git.kernel.org/stable/c/15649fd5415eda664ef35780c2013adeb5d9c695"}],"title":"sctp: sysctl: auth_enable: avoid using current->nsproxy","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T20:58:17.877Z"}}]}}