{"api_version":"1","generated_at":"2026-07-15T05:58:14+00:00","cve":"CVE-2025-21925","urls":{"html":"https://cve.report/CVE-2025-21925","api":"https://cve.report/api/cve/CVE-2025-21925.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-21925","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-21925"},"summary":{"title":"llc: do not use skb_get() before dev_queue_xmit()","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nllc: do not use skb_get() before dev_queue_xmit()\n\nsyzbot is able to crash hosts [1], using llc and devices\nnot supporting IFF_TX_SKB_SHARING.\n\nIn this case, e1000 driver calls eth_skb_pad(), while\nthe skb is shared.\n\nSimply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c\n\nNote that e1000 driver might have an issue with pktgen,\nbecause it does not clear IFF_TX_SKB_SHARING, this is an\northogonal change.\n\nWe need to audit other skb_get() uses in net/llc.\n\n[1]\n\nkernel BUG at net/core/skbuff.c:2178 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178\nCall Trace:\n <TASK>\n  __skb_pad+0x18a/0x610 net/core/skbuff.c:2466\n  __skb_put_padto include/linux/skbuff.h:3843 [inline]\n  skb_put_padto include/linux/skbuff.h:3862 [inline]\n  eth_skb_pad include/linux/etherdevice.h:656 [inline]\n  e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128\n  __netdev_start_xmit include/linux/netdevice.h:5151 [inline]\n  netdev_start_xmit include/linux/netdevice.h:5160 [inline]\n  xmit_one net/core/dev.c:3806 [inline]\n  dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822\n  sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n  __dev_xmit_skb net/core/dev.c:4045 [inline]\n  __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621\n  dev_queue_xmit include/linux/netdevice.h:3313 [inline]\n  llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144\n  llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n  llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n  llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209\n  llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993\n  sock_sendmsg_nosec net/socket.c:718 [inline]","state":"PUBLISHED","assigner":"Linux","published_at":"2025-04-01 16:15:23","updated_at":"2026-07-14 13:17:27"},"problem_types":["NVD-CWE-noinfo"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html","name":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/cd1c44327bbbd50fc24f2b38892f5f328b784d0f","name":"https://git.kernel.org/stable/c/cd1c44327bbbd50fc24f2b38892f5f328b784d0f","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/64e6a754d33d31aa844b3ee66fb93ac84ca1565e","name":"https://git.kernel.org/stable/c/64e6a754d33d31aa844b3ee66fb93ac84ca1565e","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-019113.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-019113.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/0f764208dc24ea043c3e20194d32aebf94f8459c","name":"https://git.kernel.org/stable/c/0f764208dc24ea043c3e20194d32aebf94f8459c","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/13f3f872627f0f27c31245524fc11367756240ad","name":"https://git.kernel.org/stable/c/13f3f872627f0f27c31245524fc11367756240ad","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/17f86e25431ebc15aa9245ff156414fdad47822d","name":"https://git.kernel.org/stable/c/17f86e25431ebc15aa9245ff156414fdad47822d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/056e8a46d79e22983bae4267e0d9c52927076f46","name":"https://git.kernel.org/stable/c/056e8a46d79e22983bae4267e0d9c52927076f46","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html","name":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/9b6f083db141ece0024be01526aa05aa978811cb","name":"https://git.kernel.org/stable/c/9b6f083db141ece0024be01526aa05aa978811cb","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/416e8b4c20c6398044e93008deefd563289f477d","name":"https://git.kernel.org/stable/c/416e8b4c20c6398044e93008deefd563289f477d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-21925","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21925","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 cd1c44327bbbd50fc24f2b38892f5f328b784d0f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 13f3f872627f0f27c31245524fc11367756240ad git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 9b6f083db141ece0024be01526aa05aa978811cb git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 17f86e25431ebc15aa9245ff156414fdad47822d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 416e8b4c20c6398044e93008deefd563289f477d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 0f764208dc24ea043c3e20194d32aebf94f8459c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 056e8a46d79e22983bae4267e0d9c52927076f46 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 64e6a754d33d31aa844b3ee66fb93ac84ca1565e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2.6.12","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 2.6.12 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.4.291 5.4.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.235 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.179 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.131 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.83 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.19 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.13.7 6.13.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.14 * original_commit_for_fix","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.6 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.6 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.6 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.6 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.6 * custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"21925","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-03T19:39:20.756Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}],"title":"CVE Program Container"},{"affected":[{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.6","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.6","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.6","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.6","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.6","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-07-14T12:40:30.974Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-019113.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/llc/llc_s_ac.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"cd1c44327bbbd50fc24f2b38892f5f328b784d0f","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"13f3f872627f0f27c31245524fc11367756240ad","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"9b6f083db141ece0024be01526aa05aa978811cb","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"17f86e25431ebc15aa9245ff156414fdad47822d","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"416e8b4c20c6398044e93008deefd563289f477d","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"0f764208dc24ea043c3e20194d32aebf94f8459c","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"056e8a46d79e22983bae4267e0d9c52927076f46","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"64e6a754d33d31aa844b3ee66fb93ac84ca1565e","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["net/llc/llc_s_ac.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"2.6.12"},{"lessThan":"2.6.12","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.4.*","status":"unaffected","version":"5.4.291","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.235","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.179","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.131","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.83","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.19","versionType":"semver"},{"lessThanOrEqual":"6.13.*","status":"unaffected","version":"6.13.7","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.14","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.291","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.235","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.179","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.131","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.83","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.19","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.13.7","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.14","versionStartIncluding":"2.6.12","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nllc: do not use skb_get() before dev_queue_xmit()\n\nsyzbot is able to crash hosts [1], using llc and devices\nnot supporting IFF_TX_SKB_SHARING.\n\nIn this case, e1000 driver calls eth_skb_pad(), while\nthe skb is shared.\n\nSimply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c\n\nNote that e1000 driver might have an issue with pktgen,\nbecause it does not clear IFF_TX_SKB_SHARING, this is an\northogonal change.\n\nWe need to audit other skb_get() uses in net/llc.\n\n[1]\n\nkernel BUG at net/core/skbuff.c:2178 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178\nCall Trace:\n <TASK>\n  __skb_pad+0x18a/0x610 net/core/skbuff.c:2466\n  __skb_put_padto include/linux/skbuff.h:3843 [inline]\n  skb_put_padto include/linux/skbuff.h:3862 [inline]\n  eth_skb_pad include/linux/etherdevice.h:656 [inline]\n  e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128\n  __netdev_start_xmit include/linux/netdevice.h:5151 [inline]\n  netdev_start_xmit include/linux/netdevice.h:5160 [inline]\n  xmit_one net/core/dev.c:3806 [inline]\n  dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822\n  sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n  __dev_xmit_skb net/core/dev.c:4045 [inline]\n  __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621\n  dev_queue_xmit include/linux/netdevice.h:3313 [inline]\n  llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144\n  llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n  llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n  llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209\n  llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993\n  sock_sendmsg_nosec net/socket.c:718 [inline]"}],"providerMetadata":{"dateUpdated":"2026-05-11T21:09:11.284Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/cd1c44327bbbd50fc24f2b38892f5f328b784d0f"},{"url":"https://git.kernel.org/stable/c/13f3f872627f0f27c31245524fc11367756240ad"},{"url":"https://git.kernel.org/stable/c/9b6f083db141ece0024be01526aa05aa978811cb"},{"url":"https://git.kernel.org/stable/c/17f86e25431ebc15aa9245ff156414fdad47822d"},{"url":"https://git.kernel.org/stable/c/416e8b4c20c6398044e93008deefd563289f477d"},{"url":"https://git.kernel.org/stable/c/0f764208dc24ea043c3e20194d32aebf94f8459c"},{"url":"https://git.kernel.org/stable/c/056e8a46d79e22983bae4267e0d9c52927076f46"},{"url":"https://git.kernel.org/stable/c/64e6a754d33d31aa844b3ee66fb93ac84ca1565e"}],"title":"llc: do not use skb_get() before dev_queue_xmit()","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2025-21925","datePublished":"2025-04-01T15:40:57.355Z","dateReserved":"2024-12-29T08:45:45.788Z","dateUpdated":"2026-07-14T12:40:30.974Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-04-01 16:15:23","lastModifiedDate":"2026-07-14 13:17:27","problem_types":["NVD-CWE-noinfo"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.13","versionEndExcluding":"5.4.291","matchCriteriaId":"552A6C63-5778-4C1E-933C-E06FC7223B21"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.235","matchCriteriaId":"545121FA-DE31-4154-9446-C2000FB4104D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.179","matchCriteriaId":"C708062C-4E1B-465F-AE6D-C09C46400875"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.131","matchCriteriaId":"BA9C2DE3-D37C-46C6-8DCD-2EE509456E0B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.83","matchCriteriaId":"7D9F642F-6E05-4926-B0FE-62F95B7266BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.19","matchCriteriaId":"32865E5C-8AE1-4D3D-A64D-299039694A88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.7","matchCriteriaId":"842F5A44-3E71-4546-B4FD-43B0ACE3F32B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*","matchCriteriaId":"186716B6-2B66-4BD0-852E-D48E71C0C85F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*","matchCriteriaId":"0D3E781C-403A-498F-9DA9-ECEE50F41E75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*","matchCriteriaId":"66619FB8-0AAF-4166-B2CF-67B24143261D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*","matchCriteriaId":"D3D6550E-6679-4560-902D-AF52DCFE905B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*","matchCriteriaId":"45B90F6B-BEC7-4D4E-883A-9DBADE021750"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"21925","Ordinal":"1","Title":"llc: do not use skb_get() before dev_queue_xmit()","CVE":"CVE-2025-21925","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"21925","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nllc: do not use skb_get() before dev_queue_xmit()\n\nsyzbot is able to crash hosts [1], using llc and devices\nnot supporting IFF_TX_SKB_SHARING.\n\nIn this case, e1000 driver calls eth_skb_pad(), while\nthe skb is shared.\n\nSimply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c\n\nNote that e1000 driver might have an issue with pktgen,\nbecause it does not clear IFF_TX_SKB_SHARING, this is an\northogonal change.\n\nWe need to audit other skb_get() uses in net/llc.\n\n[1]\n\nkernel BUG at net/core/skbuff.c:2178 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178\nCall Trace:\n <TASK>\n  __skb_pad+0x18a/0x610 net/core/skbuff.c:2466\n  __skb_put_padto include/linux/skbuff.h:3843 [inline]\n  skb_put_padto include/linux/skbuff.h:3862 [inline]\n  eth_skb_pad include/linux/etherdevice.h:656 [inline]\n  e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128\n  __netdev_start_xmit include/linux/netdevice.h:5151 [inline]\n  netdev_start_xmit include/linux/netdevice.h:5160 [inline]\n  xmit_one net/core/dev.c:3806 [inline]\n  dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822\n  sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n  __dev_xmit_skb net/core/dev.c:4045 [inline]\n  __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621\n  dev_queue_xmit include/linux/netdevice.h:3313 [inline]\n  llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144\n  llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n  llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n  llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209\n  llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993\n  sock_sendmsg_nosec net/socket.c:718 [inline]","Type":"Description","Title":"llc: do not use skb_get() before dev_queue_xmit()"}]}}}