#VU105143 Improper locking in Linux kernel - CVE-2025-21801

Cybersecurity Help s.r.o.

Published: 2025-02-28 | Updated: 2025-05-11

Vulnerability identifier: #VU105143

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21801

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ravb_suspend() and ravb_resume() functions in drivers/net/ethernet/renesas/ravb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.13 - 6.13.1

External links
https://git.kernel.org/stable/c/0296981941cf291edfbc318d3255a93439f368e4
https://git.kernel.org/stable/c/2c2ebb2b49573e5f8726112ad06b1dffc3c9ea03
https://git.kernel.org/stable/c/ad19522c007bb24ed874468f8baa1503c4662cf4
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.2

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

openEuler 24.03 LTS SP2 update for kernel

openEuler 24.03 LTS update for kernel

openEuler 24.03 LTS SP1 update for kernel

openEuler 22.03 LTS SP3 update for kernel

openEuler 22.03 LTS SP4 update for kernel

Ubuntu update for linux-azure

Ubuntu update for linux-raspi

Ubuntu update for linux-raspi-realtime

Ubuntu update for linux-gcp

Ubuntu update for linux-aws-6.8