CVE-2025-21862 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: drop_monitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 CPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x119/0x179 lib/dump_stack.c:118 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline] do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159 reset_per_cpu_data+0xe6/0x240 [drop_monitor] net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800 netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497 genl_rcv+0x29/0x40 net/netlink/genetlink.c:811 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348 netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916 sock_sendmsg_nosec net/socket.c:651 [inline] __sock_sendmsg+0x157/0x190 net/socket.c:663 ____sys_sendmsg+0x712/0x870 net/socket.c:2378 ___sys_sendmsg+0xf8/0x170 net/socket.c:2432 __sys_sendmsg+0xea/0x1b0 net/socket.c:2461 do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x62/0xc7 RIP: 0033:0x7f3f9815aee9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9 RDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007 RBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768 If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized. To fix this, let's place resource initialization above the registration of a generic netlink family. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller.

Reserved 2024-12-29 | Published 2025-03-12 | Updated 2025-03-13 | Assigner Linux

Product status

Default status

unaffected

9a8afc8d3962f3ed26fd6b56db34133860ed1e72 before 6e9e0f224ffd8b819da3ea247dda404795fdd182

affected

9a8afc8d3962f3ed26fd6b56db34133860ed1e72 before 29f9cdcab3d96d5207a5c92b52c40ad75e5915d8

affected

9a8afc8d3962f3ed26fd6b56db34133860ed1e72 before 872c7c7e57a746046796ddfead529c9d37b9f6b4

affected

9a8afc8d3962f3ed26fd6b56db34133860ed1e72 before fcfc00bfec7bb6661074cb21356d05a4c9470a3c

affected

9a8afc8d3962f3ed26fd6b56db34133860ed1e72 before 0efa6c42f81c60d8f72ba7f5ed8d4fec8c526282

affected

9a8afc8d3962f3ed26fd6b56db34133860ed1e72 before b7859e8643e75619b2705b4fcac93ffd94d72b4a

affected

9a8afc8d3962f3ed26fd6b56db34133860ed1e72 before 219a47d0e6195bd202f22855e35f25bd15bc4d58

affected

9a8afc8d3962f3ed26fd6b56db34133860ed1e72 before 07b598c0e6f06a0f254c88dafb4ad50f8a8c6eea

affected

Default status

affected

2.6.30

affected

Any version before 2.6.30

unaffected

5.4.291

unaffected

5.10.235

unaffected

5.15.179

unaffected

6.1.130

unaffected

6.6.80

unaffected

6.12.17

unaffected

6.13.5

unaffected

6.14-rc4

unaffected

References

git.kernel.org/...c/6e9e0f224ffd8b819da3ea247dda404795fdd182

git.kernel.org/...c/29f9cdcab3d96d5207a5c92b52c40ad75e5915d8

git.kernel.org/...c/872c7c7e57a746046796ddfead529c9d37b9f6b4

git.kernel.org/...c/fcfc00bfec7bb6661074cb21356d05a4c9470a3c

git.kernel.org/...c/0efa6c42f81c60d8f72ba7f5ed8d4fec8c526282

git.kernel.org/...c/b7859e8643e75619b2705b4fcac93ffd94d72b4a

git.kernel.org/...c/219a47d0e6195bd202f22855e35f25bd15bc4d58

git.kernel.org/...c/07b598c0e6f06a0f254c88dafb4ad50f8a8c6eea

cve.org (CVE-2025-21862)

nvd.nist.gov (CVE-2025-21862)

Download JSON