CVE-2025-21884

Published: Mar 27, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: net: better track kernel sockets lifetime While kernel sockets are dismantled during pernet_operations->exit(), their freeing can be delayed by any tx packets still held in qdisc or device queues, due to skb_set_owner_w() prior calls. This then trigger the following warning from ref_tracker_dir_exit() [1] To fix this, make sure that kernel sockets own a reference on net->passive. Add sk_net_refcnt_upgrade() helper, used whenever a kernel socket is converted to a refcounted one. [1] [ 136.263918][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at [ 136.263918][ T35] sk_alloc+0x2b3/0x370 [ 136.263918][ T35] inet6_create+0x6ce/0x10f0 [ 136.263918][ T35] __sock_create+0x4c0/0xa30 [ 136.263918][ T35] inet_ctl_sock_create+0xc2/0x250 [ 136.263918][ T35] igmp6_net_init+0x39/0x390 [ 136.263918][ T35] ops_init+0x31e/0x590 [ 136.263918][ T35] setup_net+0x287/0x9e0 [ 136.263918][ T35] copy_net_ns+0x33f/0x570 [ 136.263918][ T35] create_new_namespaces+0x425/0x7b0 [ 136.263918][ T35] unshare_nsproxy_namespaces+0x124/0x180 [ 136.263918][ T35] ksys_unshare+0x57d/0xa70 [ 136.263918][ T35] __x64_sys_unshare+0x38/0x40 [ 136.263918][ T35] do_syscall_64+0xf3/0x230 [ 136.263918][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.263918][ T35] [ 136.343488][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at [ 136.343488][ T35] sk_alloc+0x2b3/0x370 [ 136.343488][ T35] inet6_create+0x6ce/0x10f0 [ 136.343488][ T35] __sock_create+0x4c0/0xa30 [ 136.343488][ T35] inet_ctl_sock_create+0xc2/0x250 [ 136.343488][ T35] ndisc_net_init+0xa7/0x2b0 [ 136.343488][ T35] ops_init+0x31e/0x590 [ 136.343488][ T35] setup_net+0x287/0x9e0 [ 136.343488][ T35] copy_net_ns+0x33f/0x570 [ 136.343488][ T35] create_new_namespaces+0x425/0x7b0 [ 136.343488][ T35] unshare_nsproxy_namespaces+0x124/0x180 [ 136.343488][ T35] ksys_unshare+0x57d/0xa70 [ 136.343488][ T35] __x64_sys_unshare+0x38/0x40 [ 136.343488][ T35] do_syscall_64+0xf3/0x230 [ 136.343488][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f

Vendor	Product	Versions
Linux	Linux	affected `0cafd77dcd032d1687efaba5598cf07bce85997f - < 2668e038800b946d269f96ec1b258c01930a242c` affected `0cafd77dcd032d1687efaba5598cf07bce85997f - < 4ceb0bd4ffd009821b585ce6a8033b12b59fb5fb` affected `0cafd77dcd032d1687efaba5598cf07bce85997f - < c31a732fac46b00b95b78fcc9c37cb48dd6f2e0c` affected `0cafd77dcd032d1687efaba5598cf07bce85997f - < 5c70eb5c593d64d93b178905da215a9fd288a4b5`
Linux	Linux	affected `6.2` unaffected `0 - < 6.2` unaffected `6.6.103 - <= 6.6.` unaffected `6.12.43 - <= 6.12.` unaffected `6.13.6 - <= 6.13.*` +1 more versions

References

https://git.kernel.org/stable/c/2668e038800b946d269f96ec1b258c01930a242c

https://git.kernel.org/stable/c/4ceb0bd4ffd009821b585ce6a8033b12b59fb5fb

https://git.kernel.org/stable/c/c31a732fac46b00b95b78fcc9c37cb48dd6f2e0c

https://git.kernel.org/stable/c/5c70eb5c593d64d93b178905da215a9fd288a4b5

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-21884

Description

Affected Products

References