Ubuntu: (Multiple Advisories) (CVE-2025-21719): Linux kernel vulnerabilities
Description
In the Linux kernel, the following vulnerability has been resolved: ipmr: do not call mr_mfc_uses_dev() for unres entries syzbot found that calling mr_mfc_uses_dev() for unres entries would crash [1], because c->mfc_un.res.minvif / c->mfc_un.res.maxvif alias to "struct sk_buff_head unresolved", which contain two pointers. This code never worked, lets remove it. [1] Unable to handle kernel paging request at virtual address ffff5fff2d536613 KASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f] Modules linked in: CPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline] lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334 Call trace: mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P) mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P) mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382 ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648 rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327 rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791 netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317 netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973 sock_recvmsg_nosec net/socket.c:1033 [inline] sock_recvmsg net/socket.c:1055 [inline] sock_read_iter+0x2d8/0x40c net/socket.c:1125 new_sync_read fs/read_write.c:484 [inline] vfs_read+0x740/0x970 fs/read_write.c:565 ksys_read+0x15c/0x26c fs/read_write.c:708
Solution(s)
- ubuntu-upgrade-linux-image-5-15-0-1037-nvidia-tegra
- ubuntu-upgrade-linux-image-5-15-0-1037-nvidia-tegra-rt
- ubuntu-upgrade-linux-image-5-15-0-1066-gkeop
- ubuntu-upgrade-linux-image-5-15-0-1076-ibm
- ubuntu-upgrade-linux-image-5-15-0-1077-intel-iot-realtime
- ubuntu-upgrade-linux-image-5-15-0-1078-nvidia
- ubuntu-upgrade-linux-image-5-15-0-1078-nvidia-lowlatency
- ubuntu-upgrade-linux-image-5-15-0-1079-intel-iotg
- ubuntu-upgrade-linux-image-5-15-0-1080-kvm
- ubuntu-upgrade-linux-image-5-15-0-1081-gke
- ubuntu-upgrade-linux-image-5-15-0-1081-oracle
- ubuntu-upgrade-linux-image-5-15-0-1083-gcp
- ubuntu-upgrade-linux-image-5-15-0-1083-gcp-fips
- ubuntu-upgrade-linux-image-5-15-0-1084-realtime
- ubuntu-upgrade-linux-image-5-15-0-1089-azure
- ubuntu-upgrade-linux-image-5-15-0-1089-azure-fips
- ubuntu-upgrade-linux-image-5-15-0-140-fips
- ubuntu-upgrade-linux-image-5-15-0-140-generic
- ubuntu-upgrade-linux-image-5-15-0-140-generic-64k
- ubuntu-upgrade-linux-image-5-15-0-140-generic-lpae
- ubuntu-upgrade-linux-image-5-15-0-140-lowlatency
- ubuntu-upgrade-linux-image-5-15-0-140-lowlatency-64k
- ubuntu-upgrade-linux-image-5-4-0-1064-xilinx-zynqmp
- ubuntu-upgrade-linux-image-5-4-0-1092-ibm
- ubuntu-upgrade-linux-image-5-4-0-1133-kvm
- ubuntu-upgrade-linux-image-5-4-0-1144-oracle
- ubuntu-upgrade-linux-image-5-4-0-1149-gcp
- ubuntu-upgrade-linux-image-5-4-0-1149-gcp-fips
- ubuntu-upgrade-linux-image-5-4-0-1151-azure
- ubuntu-upgrade-linux-image-5-4-0-1151-azure-fips
- ubuntu-upgrade-linux-image-5-4-0-216-generic
- ubuntu-upgrade-linux-image-5-4-0-216-generic-lpae
- ubuntu-upgrade-linux-image-5-4-0-216-lowlatency
- ubuntu-upgrade-linux-image-6-11-0-1010-realtime
- ubuntu-upgrade-linux-image-6-11-0-1013-raspi
- ubuntu-upgrade-linux-image-6-11-0-1015-azure
- ubuntu-upgrade-linux-image-6-11-0-1015-azure-fde
- ubuntu-upgrade-linux-image-6-11-0-1015-gcp
- ubuntu-upgrade-linux-image-6-11-0-1015-gcp-64k
- ubuntu-upgrade-linux-image-6-11-0-1022-oem
- ubuntu-upgrade-linux-image-6-11-0-26-generic
- ubuntu-upgrade-linux-image-6-11-0-26-generic-64k
- ubuntu-upgrade-linux-image-azure
- ubuntu-upgrade-linux-image-azure-cvm
- ubuntu-upgrade-linux-image-azure-fde
- ubuntu-upgrade-linux-image-azure-fips
- ubuntu-upgrade-linux-image-azure-lts-20-04
- ubuntu-upgrade-linux-image-azure-lts-22-04
- ubuntu-upgrade-linux-image-fips
- ubuntu-upgrade-linux-image-gcp
- ubuntu-upgrade-linux-image-gcp-64k
- ubuntu-upgrade-linux-image-gcp-fips
- ubuntu-upgrade-linux-image-gcp-lts-20-04
- ubuntu-upgrade-linux-image-gcp-lts-22-04
- ubuntu-upgrade-linux-image-generic
- ubuntu-upgrade-linux-image-generic-64k
- ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
- ubuntu-upgrade-linux-image-generic-hwe-24-04
- ubuntu-upgrade-linux-image-generic-lpae
- ubuntu-upgrade-linux-image-gke
- ubuntu-upgrade-linux-image-gke-5-15
- ubuntu-upgrade-linux-image-gkeop
- ubuntu-upgrade-linux-image-gkeop-5-15
- ubuntu-upgrade-linux-image-ibm
- ubuntu-upgrade-linux-image-intel-iot-realtime
- ubuntu-upgrade-linux-image-intel-iotg
- ubuntu-upgrade-linux-image-kvm
- ubuntu-upgrade-linux-image-lowlatency
- ubuntu-upgrade-linux-image-lowlatency-64k
- ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
- ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
- ubuntu-upgrade-linux-image-nvidia
- ubuntu-upgrade-linux-image-nvidia-lowlatency
- ubuntu-upgrade-linux-image-nvidia-tegra
- ubuntu-upgrade-linux-image-nvidia-tegra-rt
- ubuntu-upgrade-linux-image-oem
- ubuntu-upgrade-linux-image-oem-24-04b
- ubuntu-upgrade-linux-image-oem-osp1
- ubuntu-upgrade-linux-image-oracle
- ubuntu-upgrade-linux-image-oracle-lts-20-04
- ubuntu-upgrade-linux-image-oracle-lts-22-04
- ubuntu-upgrade-linux-image-raspi
- ubuntu-upgrade-linux-image-realtime
- ubuntu-upgrade-linux-image-virtual
- ubuntu-upgrade-linux-image-virtual-hwe-24-04
- ubuntu-upgrade-linux-image-xilinx-zynqmp
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center