CVE-2025-21716: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

vxlan: Fix uninit-value in vxlan_vnifilter_dump()

KMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1]. If the length of the netlink message payload is less than sizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes beyond the message. This can lead to uninit-value access. Fix this by returning an error in such situations.

[1]
BUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422
 vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422
 rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786
 netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317
 __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432
 netlink_dump_start include/linux/netlink.h:340 [inline]
 rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]
 rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882
 netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542
 rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944
 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]
 netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347
 netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891
 sock_sendmsg_nosec net/socket.c:711 [inline]
 __sock_sendmsg+0x330/0x3d0 net/socket.c:726
 ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637
 __sys_sendmsg net/socket.c:2669 [inline]
 __do_sys_sendmsg net/socket.c:2674 [inline]
 __se_sys_sendmsg net/socket.c:2672 [inline]
 __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672
 x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4110 [inline]
 slab_alloc_node mm/slub.c:4153 [inline]
 kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205
 kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587
 __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678
 alloc_skb include/linux/skbuff.h:1323 [inline]
 netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196
 netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866
 sock_sendmsg_nosec net/socket.c:711 [inline]
 __sock_sendmsg+0x330/0x3d0 net/socket.c:726
 ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637
 __sys_sendmsg net/socket.c:2669 [inline]
 __do_sys_sendmsg net/socket.c:2674 [inline]
 __se_sys_sendmsg net/socket.c:2672 [inline]
 __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672
 x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014
AI Analysis
Technical Summary
CVE-2025-21716 is a vulnerability identified in the Linux kernel's VXLAN (Virtual Extensible LAN) networking component, specifically within the function vxlan_vnifilter_dump(). The issue arises due to an uninitialized value access triggered when the length of a netlink message payload is smaller than the size of the expected structure (struct tunnel_msg). In such cases, vxlan_vnifilter_dump() attempts to access memory beyond the provided message buffer, leading to the use of uninitialized data. This flaw was detected by Kernel Memory Sanitizer (KMSAN), which flagged the uninitialized value usage during netlink message processing. The vulnerability is rooted in improper validation of netlink message lengths before accessing their contents, which can cause undefined behavior or potentially leak sensitive kernel memory contents. The problem occurs during netlink dump operations related to VXLAN virtual network interface filtering, a feature used in overlay networking for encapsulating Layer 2 frames within Layer 3 UDP packets. The kernel call stack shows that the flaw is triggered during rtnetlink message handling, which is a common interface for network configuration and monitoring in Linux. While the vulnerability does not appear to have known exploits in the wild, it represents a risk of information leakage or kernel memory corruption due to uninitialized memory reads. The fix involves adding proper length checks to return errors when netlink messages are too short, preventing out-of-bounds memory access. This vulnerability affects Linux kernel versions prior to the patch and is relevant for systems using VXLAN networking features, which are common in cloud, container, and virtualized environments. No CVSS score is assigned yet, but the technical details indicate a moderate risk due to the nature of the flaw and its exploitation complexity.
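The length check described above, modelled in user-space C as an added example (not the kernel's code): the struct layouts mirror struct nlmsghdr and struct tunnel_msg, the unchecked and checked dump entry points are hypothetical stand-ins for the before and after state of vxlan_vnifilter_dump(), and -EINVAL is an assumed errno since the page only says the fix "returns an error".

```c
/* Added example (user-space C, not kernel code): models the payload-length
 * check that resolves CVE-2025-21716. Struct layouts mirror the kernel's
 * struct nlmsghdr and struct tunnel_msg; -EINVAL is an assumed errno. */
#include <stdint.h>
#include <string.h>
#include <errno.h>

#define NLMSG_ALIGN(len) (((len) + 3u) & ~3u)
struct nlmsghdr_m {                 /* same layout as struct nlmsghdr */
    uint32_t nlmsg_len;             /* total length, header included */
    uint16_t nlmsg_type, nlmsg_flags;
    uint32_t nlmsg_seq, nlmsg_pid;
};
#define NLMSG_HDRLEN NLMSG_ALIGN(sizeof(struct nlmsghdr_m))
struct tunnel_msg_m {               /* same layout as struct tunnel_msg */
    uint8_t family, flags;
    uint32_t ifindex;
};

/* Payload length the way the kernel's nlmsg_len() derives it. */
static int payload_len(const struct nlmsghdr_m *nlh)
{
    return (int)nlh->nlmsg_len - (int)NLMSG_HDRLEN;
}

/* Unfixed shape: trusts nlmsg_len and copies a whole tunnel_msg, so a
 * short payload reads bytes past the message (what KMSAN reported). */
static int dump_unchecked(const struct nlmsghdr_m *nlh, struct tunnel_msg_m *out)
{
    memcpy(out, (const char *)nlh + NLMSG_HDRLEN, sizeof(*out));
    return 0;
}

/* Fixed shape: refuse a payload that cannot hold a tunnel_msg. */
static int dump_checked(const struct nlmsghdr_m *nlh, struct tunnel_msg_m *out)
{
    if (payload_len(nlh) < (int)sizeof(struct tunnel_msg_m))
        return -EINVAL;             /* assumed errno for "returns an error" */
    return dump_unchecked(nlh, out);
}

/* Constructed message: zeroed header followed by `payload` bytes, with the
 * first payload byte set to AF_INET (2) so a successful copy is visible. */
static int dump_for_payload(size_t payload, struct tunnel_msg_m *out)
{
    union { struct nlmsghdr_m h; unsigned char b[64]; } m;
    memset(&m, 0, sizeof m);
    if (NLMSG_HDRLEN + payload > sizeof m.b) return -E2BIG;
    m.h.nlmsg_len = (uint32_t)(NLMSG_HDRLEN + payload);
    if (payload) m.b[NLMSG_HDRLEN] = 2;
    return dump_checked(&m.h, out);
}
```

A payload shorter than sizeof(struct tunnel_msg) (8 bytes with padding) is rejected before any copy; only a full-size payload reaches the field copy.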
Potential Impact
For European organizations, the impact of CVE-2025-21716 depends largely on their use of Linux systems with VXLAN networking enabled. VXLAN is widely used in data centers, cloud infrastructures, and container orchestration platforms such as Kubernetes, which are prevalent in European enterprises and service providers. Exploitation could lead to unauthorized kernel memory reads, potentially exposing sensitive information or causing instability in network functions. Although this vulnerability does not directly enable remote code execution or privilege escalation, the exposure of uninitialized kernel memory could aid attackers in crafting further attacks or bypassing security mechanisms. Organizations relying on Linux-based network virtualization, especially those operating multi-tenant cloud environments or virtualized network overlays, are at higher risk. The vulnerability could affect confidentiality and integrity of network operations and data. Given the critical role of Linux in European critical infrastructure, telecommunications, and cloud services, unpatched systems could face increased risk of targeted attacks or information leakage. However, exploitation requires crafted netlink messages, which typically necessitate local or privileged access, limiting the attack surface to insiders or attackers who have already compromised a system to some extent.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched. Specifically, kernel updates that include the fix for vxlan_vnifilter_dump() should be applied promptly. Network administrators should audit the use of VXLAN features and consider disabling VXLAN interfaces if not required. Implement strict access controls on netlink sockets to limit which users and processes can send netlink messages, reducing the risk of exploitation by unprivileged users. Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and Kernel Memory Sanitizer (KMSAN) where possible to detect and mitigate memory-related issues. Monitoring and logging of rtnetlink and VXLAN-related network activities can help detect anomalous behavior indicative of exploitation attempts. For containerized environments, ensure that container runtimes and orchestration platforms are updated and configured to restrict unnecessary network capabilities. Finally, conduct regular vulnerability assessments and penetration testing focusing on kernel and network stack components to identify potential exploitation paths.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.753Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9832c4522896dcbe859d
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 6/30/2025, 8:26:28 AM
Last updated: 7/29/2025, 4:22:46 PM