CVE-2025-21867 in Linux
Riassunto
di VulDB • 16/06/2026
Nel kernel Linux è stata risolta la seguente vulnerabilità:
bpf, test_run: Risolto un problema di use-after-free in eth_skb_pkt_type()
KMSAN ha segnalato un problema di use-after-free in eth_skb_pkt_type()[1]. La causa del problema era che eth_skb_pkt_type() accedeva ai dati dello skb che non contenevano un header Ethernet. Ciò si verifica quando bpf_prog_test_run_xdp() passa un valore non valido come argomento user_data a bpf_test_init().
Si risolve il problema restituendo un errore quando user_data è inferiore a ETH_HLEN in bpf_test_init(). Inoltre, viene rimosso il controllo "if (user_size > size)" poiché è inutile.
[1]
BUG: KMSAN: use-after-free in eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]
BUG: KMSAN: use-after-free in eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165 eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]
eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165 __xdp_build_skb_from_frame+0x5a8/0xa50 net/core/xdp.c:635 xdp_recv_frames net/bpf/test_run.c:272 [inline]
xdp_test_run_batch net/bpf/test_run.c:361 [inline]
bpf_test_run_xdp_live+0x2954/0x3330 net/bpf/test_run.c:390 bpf_prog_test_run_xdp+0x148e/0x1b10 net/bpf/test_run.c:1318 bpf_prog_test_run+0x5b7/0xa30 kernel/bpf/syscall.c:4371 __sys_bpf+0x6a6/0xe20 kernel/bpf/syscall.c:5777 __do_sys_bpf kernel/bpf/syscall.c:5866 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5864 [inline]
__x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:5864 x64_sys_call+0x2ea0/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was created at: free_pages_prepare mm/page_alloc.c:1056 [inline]
free_unref_page+0x156/0x1320 mm/page_alloc.c:2657 __free_pages+0xa3/0x1
If you want to get best quality of vulnerability data, you may have to visit VulDB.