#VU106800 Improper locking in Linux kernel - CVE-2025-21910


Updated: 2025-05-11

Vulnerability identifier: #VU106800

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21910

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the is_an_alpha2() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 6.1 - 6.1.130


External links
https://git.kernel.org/stable/c/17aa34c84867f6cd181a5743e1c647e7766962a6
https://git.kernel.org/stable/c/35ef07112b61b06eb30683a6563c9f6378c02476
https://git.kernel.org/stable/c/59b348be7597c4a9903cb003c69e37df20c04a30
https://git.kernel.org/stable/c/62b1a9bbfebba4b4c2bb6c1ede9ef7ecee7a9ff6
https://git.kernel.org/stable/c/6a5e3b23054cee3b92683d1467e3fa83921f5622
https://git.kernel.org/stable/c/be7c5f00aa7f1344293e4d48d0e12be83a2f223d
https://git.kernel.org/stable/c/da3f599517ef2ea851208df3229d07728d238dc5
https://git.kernel.org/stable/c/f4112cb477c727a65787a4065a75ca593bb5b2f4
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.131

