Linux Kernel up to 6.13.3/6.14-rc2 Netlink Attribute memory corruption

Summaryinfo

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.13.3/6.14-rc2. Impacted is an unknown function of the component Netlink Attribute Handler. Executing a manipulation can lead to memory corruption. This vulnerability is registered as CVE-2025-21840. No exploit is available. You should upgrade the affected component.

Detailsinfo

A vulnerability has been found in Linux Kernel up to 6.13.3/6.14-rc2 and classified as critical. This vulnerability affects some unknown functionality of the component Netlink Attribute Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault after commit 1773572863c4 ("thermal: netlink: Add the commands and the events for the thresholds"). The issue arises because the THERMAL_GENL_ATTR_CPU_CAPABILITY raw value was changed while intel_lpmd still uses the old value. Although intel_lpmd can be updated to check the THERMAL_GENL_VERSION and use the appropriate THERMAL_GENL_ATTR_CPU_CAPABILITY value, the commit itself is questionable. The commit introduced a new element in the middle of enum thermal_genl_attr, which affects many existing attributes and introduces potential risks and unnecessary maintenance burdens for userspace thermal netlink event users. Solve the issue by moving the newly introduced THERMAL_GENL_ATTR_TZ_PREV_TEMP attribute to the end of the enum thermal_genl_attr. This ensures that all existing thermal generic netlink attributes remain unaffected. [ rjw: Subject edits ]

The advisory is available at git.kernel.org. This vulnerability was named CVE-2025-21840 since 12/29/2024. The exploitation appears to be easy. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 02/16/2026).

Upgrading to version 6.13.4 or 6.14-rc3 eliminates this vulnerability. Applying the patch 3a4ca365c51729143a2cab693cd40fe0bb585ef0/c195b9c6ab9c383d7aa3f4a65879b3ca90cb378b is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-0499). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Affected

• Google Container-Optimized OS
• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• RESF Rocky Linux
• SolarWinds Security Event Manager
• Open Source Linux Kernel
• Dell Secure Connect Gateway

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.13.0
• 6.13.1
• 6.13.2
• 6.13.3
• 6.14-rc1
• 6.14-rc2

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion