CVE-2025-22057
Published: Apr 16, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in dst_release Upstream fix ac888d58869b ("net: do not delay dst_entries_add() in dst_release()") moved decrementing the dst count from dst_destroy to dst_release to avoid accessing already freed data in case of netns dismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels are used, this fix is incomplete as the same issue will be seen for cached dsts: Unable to handle kernel paging request at virtual address ffff5aabf6b5c000 Call trace: percpu_counter_add_batch+0x3c/0x160 (P) dst_release+0xec/0x108 dst_cache_destroy+0x68/0xd8 dst_destroy+0x13c/0x168 dst_destroy_rcu+0x1c/0xb0 rcu_do_batch+0x18c/0x7d0 rcu_core+0x174/0x378 rcu_core_si+0x18/0x30 Fix this by invalidating the cache, and thus decrementing cached dst counters, in dst_release too.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected d71785ffc7e7cae3fbdc4ea8a9d05b7a1c59f7b8 - < ccc331fd5bcae131d2627d5ef099d4a1f6540aeaaffected d71785ffc7e7cae3fbdc4ea8a9d05b7a1c59f7b8 - < 92a5c18513117be69bc00419dd1724c1940f8fcdaffected d71785ffc7e7cae3fbdc4ea8a9d05b7a1c59f7b8 - < 836415a8405c9665ae55352fc5ba865c242f5e4faffected d71785ffc7e7cae3fbdc4ea8a9d05b7a1c59f7b8 - < e833e7ad64eb2f63867f65303be49ca30ee8819eaffected d71785ffc7e7cae3fbdc4ea8a9d05b7a1c59f7b8 - < 3a0a3ff6593d670af2451ec363ccb7b18aec0c0a |
Linux | Linux | affected 4.6unaffected 0 - < 4.6unaffected 6.6.87 - <= 6.6.*unaffected 6.12.23 - <= 6.12.*unaffected 6.13.11 - <= 6.13.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now