SB2025040276 - Improper locking in Linux kernel switchdev
Published: April 2, 2025 Updated: May 11, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-21986)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the switchdev_port_obj_act_is_deferred(), EXPORT_SYMBOL_GPL() and call_switchdev_blocking_notifiers() functions in net/switchdev/switchdev.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/1f7d051814e7a0cb1f0717ed5527c1059992129d
- https://git.kernel.org/stable/c/62531a1effa87bdab12d5104015af72e60d926ff
- https://git.kernel.org/stable/c/a597d4b75669ec82c72cbee9fe75a15d04b35b2b
- https://git.kernel.org/stable/c/af757f5ee3f754c5dceefb05c12ff37cb46fc682
- https://git.kernel.org/stable/c/f9ed3fb50b872bd78bcb01f25087f9e4e25085d8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.8