CVE-2025-21790: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

vxlan: check vxlan_vnigroup_init() return value

vxlan_init() must check vxlan_vnigroup_init() success otherwise a crash happens later, spotted by syzbot.

Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]
CPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912
Code: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00
RSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb
RDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18
RBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000
R13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000
FS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942
unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824
unregister_netdevice_many net/core/dev.c:11866 [inline]
unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736
register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901
__vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981
vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407
rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]
__rtnl_newlink net/core/rtnetlink.c:3906 [inline]
AI Analysis
Technical Summary
CVE-2025-21790 is a vulnerability in the Linux kernel's VXLAN (Virtual Extensible LAN) implementation, in the way vxlan_init() handles the result of vxlan_vnigroup_init(). The vxlan_init() function does not check the return value of vxlan_vnigroup_init(). If vxlan_vnigroup_init() fails, this lack of error handling leads to a later crash in the kernel, as evidenced by a general protection fault and null pointer dereference detected by the Kernel Address Sanitizer (KASAN). The crash occurs due to dereferencing invalid or null pointers, causing a general protection fault and kernel panic. The vulnerability was discovered through automated fuzzing by syzbot, which triggered the crash by exercising the VXLAN code paths. The technical details show that the fault occurs in vxlan_vnigroup_uninit() during cleanup operations, indicating that improper initialization error handling leads to unstable kernel state and memory corruption.

This vulnerability affects Linux kernel versions identified by the commit hash f9c4bb0b245cee35ef66f75bf409c9573d934cf9 and likely other versions around this code base. No CVSS score has been assigned yet, and no known exploits are reported in the wild. However, the vulnerability can cause denial of service (DoS) through kernel crashes and potentially destabilize systems running VXLAN networking features. Since VXLAN is widely used in cloud, virtualization, and data center networking environments for overlay networks, this vulnerability could impact systems relying on Linux kernel VXLAN support.

The root cause is a missing error check leading to null pointer dereference and kernel crash, which is a classic stability and security issue in kernel networking code.
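A userspace C model of the missing check described above, added here as an illustration and not taken from the kernel source. The struct and function names are hypothetical stand-ins, and uninit() returns -EFAULT at the point where the trace shows the null dereference instead of actually faulting.

```c
/* Userspace model with hypothetical names; not kernel source. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct vnigroup { int num_vnis; };
struct dev { struct vnigroup *grp; int vnifilter; };

/* Stand-in for vxlan_vnigroup_init(): on failure grp stays NULL. */
static int group_init(struct dev *d, int alloc_fails)
{
    d->grp = alloc_fails ? NULL : calloc(1, sizeof(*d->grp));
    return d->grp ? 0 : -ENOMEM;
}

/* Before the fix: the return value is dropped, init reports success. */
static int init_unchecked(struct dev *d, int alloc_fails)
{
    if (d->vnifilter)
        group_init(d, alloc_fails);
    return 0;
}

/* After the fix: the error reaches the caller. */
static int init_checked(struct dev *d, int alloc_fails)
{
    return d->vnifilter ? group_init(d, alloc_fails) : 0;
}

/* Teardown stand-in: -EFAULT marks where the trace shows the NULL deref. */
static int uninit(struct dev *d)
{
    if (d->vnifilter && !d->grp)
        return -EFAULT;
    free(d->grp);
    return 0;
}

/* Registration model: init, then a later step fails and teardown runs. */
static int register_then_unwind(int (*init)(struct dev *, int), int fails)
{
    struct dev d = { .grp = NULL, .vnifilter = 1 };
    int err = init(&d, fails);
    return err ? err : uninit(&d);  /* init error stops before teardown */
}

int main(void)
{
    printf("unchecked=%d checked=%d\n", register_then_unwind(init_unchecked, 1),
           register_then_unwind(init_checked, 1));
    return 0;
}
```

With the simulated allocation failure, the unchecked path reaches teardown with a NULL group, while the checked path stops at init with -ENOMEM and teardown never runs.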
Potential Impact
For European organizations, the impact of CVE-2025-21790 could be significant in environments using Linux-based infrastructure with VXLAN enabled. VXLAN is commonly deployed in cloud service providers, data centers, and enterprise virtualization platforms to enable scalable overlay networks. A kernel crash triggered by this vulnerability could cause denial of service, leading to downtime of critical network services, virtual machines, or containerized workloads. This could disrupt business operations, especially for sectors relying heavily on cloud infrastructure such as finance, telecommunications, and government services. Additionally, repeated crashes or exploitation attempts could increase operational costs due to incident response and recovery efforts. Although no remote code execution or privilege escalation is indicated, the ability to cause kernel panics remotely or locally by triggering VXLAN initialization failures could be leveraged by attackers to degrade service availability. European organizations with multi-tenant cloud environments or those using Linux-based network virtualization should be particularly cautious. The vulnerability also poses risks to embedded Linux devices or network appliances that utilize VXLAN, potentially affecting industrial control systems or critical infrastructure components.
Mitigation Recommendations
To mitigate CVE-2025-21790, European organizations should:
1) Immediately apply the official Linux kernel patches that add proper error checking for vxlan_vnigroup_init() return values to prevent kernel crashes. Monitor Linux kernel mailing lists and vendor advisories for updated stable kernel releases containing the fix.
2) For environments where immediate patching is not feasible, consider disabling VXLAN functionality temporarily if it is not critical to operations, to avoid triggering the vulnerable code paths.
3) Implement robust kernel crash monitoring and alerting to detect any unexpected kernel panics related to VXLAN, enabling rapid incident response.
4) Conduct thorough testing of kernel updates in staging environments to ensure stability before production deployment, especially in complex virtualized or containerized setups.
5) Harden access controls to restrict who can create or modify VXLAN interfaces, as exploitation requires triggering VXLAN initialization failures, which typically requires privileged access.
6) Engage with Linux distribution vendors for backported patches and security advisories tailored to specific kernel versions in use.
7) Maintain up-to-date backups and disaster recovery plans to minimize downtime impact in case of crashes.
These measures go beyond generic advice by focusing on VXLAN-specific controls, patch management, and operational monitoring tailored to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.766Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED
Threat ID: 682d9832c4522896dcbe882c
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 6/30/2025, 9:11:55 AM
Last updated: 7/26/2025, 5:35:35 AM