{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-21925", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.788Z", "datePublished": "2025-04-01T15:40:57.355Z", "dateUpdated": "2025-11-03T19:39:20.756Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:24:41.978Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: do not use skb_get() before dev_queue_xmit()\n\nsyzbot is able to crash hosts [1], using llc and devices\nnot supporting IFF_TX_SKB_SHARING.\n\nIn this case, e1000 driver calls eth_skb_pad(), while\nthe skb is shared.\n\nSimply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c\n\nNote that e1000 driver might have an issue with pktgen,\nbecause it does not clear IFF_TX_SKB_SHARING, this is an\northogonal change.\n\nWe need to audit other skb_get() uses in net/llc.\n\n[1]\n\nkernel BUG at net/core/skbuff.c:2178 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178\nCall Trace:\n <TASK>\n __skb_pad+0x18a/0x610 net/core/skbuff.c:2466\n __skb_put_padto include/linux/skbuff.h:3843 [inline]\n skb_put_padto include/linux/skbuff.h:3862 [inline]\n eth_skb_pad include/linux/etherdevice.h:656 [inline]\n e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128\n __netdev_start_xmit include/linux/netdevice.h:5151 [inline]\n netdev_start_xmit include/linux/netdevice.h:5160 [inline]\n xmit_one net/core/dev.c:3806 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:4045 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621\n dev_queue_xmit include/linux/netdevice.h:3313 [inline]\n llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144\n llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209\n llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993\n sock_sendmsg_nosec net/socket.c:718 [inline]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/llc/llc_s_ac.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "cd1c44327bbbd50fc24f2b38892f5f328b784d0f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "13f3f872627f0f27c31245524fc11367756240ad", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9b6f083db141ece0024be01526aa05aa978811cb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "17f86e25431ebc15aa9245ff156414fdad47822d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "416e8b4c20c6398044e93008deefd563289f477d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0f764208dc24ea043c3e20194d32aebf94f8459c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "056e8a46d79e22983bae4267e0d9c52927076f46", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "64e6a754d33d31aa844b3ee66fb93ac84ca1565e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/llc/llc_s_ac.c"], "versions": [{"version": "2.6.12", "status": "affected"}, {"version": "0", "lessThan": "2.6.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.291", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.235", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.179", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.131", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.83", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.19", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.7", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.4.291"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.10.235"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.15.179"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.1.131"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.6.83"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.12.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.13.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/cd1c44327bbbd50fc24f2b38892f5f328b784d0f"}, {"url": "https://git.kernel.org/stable/c/13f3f872627f0f27c31245524fc11367756240ad"}, {"url": "https://git.kernel.org/stable/c/9b6f083db141ece0024be01526aa05aa978811cb"}, {"url": "https://git.kernel.org/stable/c/17f86e25431ebc15aa9245ff156414fdad47822d"}, {"url": "https://git.kernel.org/stable/c/416e8b4c20c6398044e93008deefd563289f477d"}, {"url": "https://git.kernel.org/stable/c/0f764208dc24ea043c3e20194d32aebf94f8459c"}, {"url": "https://git.kernel.org/stable/c/056e8a46d79e22983bae4267e0d9c52927076f46"}, {"url": "https://git.kernel.org/stable/c/64e6a754d33d31aa844b3ee66fb93ac84ca1565e"}], "title": "llc: do not use skb_get() before dev_queue_xmit()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:39:20.756Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "552A6C63-5778-4C1E-933C-E06FC7223B21", "versionEndExcluding": "5.4.291", "versionStartIncluding": "2.6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "545121FA-DE31-4154-9446-C2000FB4104D", "versionEndExcluding": "5.10.235", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C708062C-4E1B-465F-AE6D-C09C46400875", "versionEndExcluding": "5.15.179", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA9C2DE3-D37C-46C6-8DCD-2EE509456E0B", "versionEndExcluding": "6.1.131", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D9F642F-6E05-4926-B0FE-62F95B7266BC", "versionEndExcluding": "6.6.83", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "32865E5C-8AE1-4D3D-A64D-299039694A88", "versionEndExcluding": "6.12.19", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "842F5A44-3E71-4546-B4FD-43B0ACE3F32B", "versionEndExcluding": "6.13.7", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*", "matchCriteriaId": "6F62EECE-8FB1-4D57-85D8-CB9E23CF313C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*", "matchCriteriaId": "66619FB8-0AAF-4166-B2CF-67B24143261D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*", "matchCriteriaId": "D3D6550E-6679-4560-902D-AF52DCFE905B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*", "matchCriteriaId": "45B90F6B-BEC7-4D4E-883A-9DBADE021750", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: do not use skb_get() before dev_queue_xmit()\n\nsyzbot is able to crash hosts [1], using llc and devices\nnot supporting IFF_TX_SKB_SHARING.\n\nIn this case, e1000 driver calls eth_skb_pad(), while\nthe skb is shared.\n\nSimply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c\n\nNote that e1000 driver might have an issue with pktgen,\nbecause it does not clear IFF_TX_SKB_SHARING, this is an\northogonal change.\n\nWe need to audit other skb_get() uses in net/llc.\n\n[1]\n\nkernel BUG at net/core/skbuff.c:2178 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178\nCall Trace:\n <TASK>\n __skb_pad+0x18a/0x610 net/core/skbuff.c:2466\n __skb_put_padto include/linux/skbuff.h:3843 [inline]\n skb_put_padto include/linux/skbuff.h:3862 [inline]\n eth_skb_pad include/linux/etherdevice.h:656 [inline]\n e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128\n __netdev_start_xmit include/linux/netdevice.h:5151 [inline]\n netdev_start_xmit include/linux/netdevice.h:5160 [inline]\n xmit_one net/core/dev.c:3806 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:4045 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621\n dev_queue_xmit include/linux/netdevice.h:3313 [inline]\n llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144\n llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209\n llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993\n sock_sendmsg_nosec net/socket.c:718 [inline]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: llc: no usar skb_get() antes de dev_queue_xmit(). syzbot puede bloquear hosts [1], usando llc y dispositivos que no admiten IFF_TX_SKB_SHARING. En este caso, el controlador e1000 llama a eth_skb_pad() mientras el skb est\u00e1 compartido. Simplemente reemplace skb_get() por skb_clone() en net/llc/llc_s_ac.c. Tenga en cuenta que el controlador e1000 podr\u00eda tener un problema con pktgen, ya que no borra IFF_TX_SKB_SHARING; este es un cambio ortogonal. Necesitamos auditar otros usos de skb_get() en net/llc. [1] \u00a1ERROR del kernel en net/core/skbuff.c:2178! Oops: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 No contaminado 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 01/04/2014 RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178 Rastreo de llamadas: __skb_pad+0x18a/0x610 net/core/skbuff.c:2466 __skb_put_padto include/linux/skbuff.h:3843 [en l\u00ednea] skb_put_padto include/linux/skbuff.h:3862 [en l\u00ednea] eth_skb_pad include/linux/etherdevice.h:656 [en l\u00ednea] e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128 __netdev_start_xmit include/linux/netdevice.h:5151 [en l\u00ednea] netdev_start_xmit include/linux/netdevice.h:5160 [en l\u00ednea] xmit_one net/core/dev.c:3806 [en l\u00ednea] dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822 sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343 __dev_xmit_skb net/core/dev.c:4045 [en l\u00ednea] __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621 dev_queue_xmit include/linux/netdevice.h:3313 [en l\u00ednea] llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144 llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [en l\u00ednea] llc_sap_next_state net/llc/llc_sap.c:182 [en l\u00ednea] llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209 llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993 sock_sendmsg_nosec net/socket.c:718 [en l\u00ednea]"}], "id": "CVE-2025-21925", "lastModified": "2025-11-03T20:17:28.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-01T16:15:23.227", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/056e8a46d79e22983bae4267e0d9c52927076f46"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0f764208dc24ea043c3e20194d32aebf94f8459c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/13f3f872627f0f27c31245524fc11367756240ad"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/17f86e25431ebc15aa9245ff156414fdad47822d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/416e8b4c20c6398044e93008deefd563289f477d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/64e6a754d33d31aa844b3ee66fb93ac84ca1565e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9b6f083db141ece0024be01526aa05aa978811cb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cd1c44327bbbd50fc24f2b38892f5f328b784d0f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: llc: do not use skb_get() before dev_queue_xmit()", "id": "2356675", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356675"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nllc: do not use skb_get() before dev_queue_xmit()\nsyzbot is able to crash hosts [1], using llc and devices\nnot supporting IFF_TX_SKB_SHARING.\nIn this case, e1000 driver calls eth_skb_pad(), while\nthe skb is shared.\nSimply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c\nNote that e1000 driver might have an issue with pktgen,\nbecause it does not clear IFF_TX_SKB_SHARING, this is an\northogonal change.\nWe need to audit other skb_get() uses in net/llc.\n[1]\nkernel BUG at net/core/skbuff.c:2178 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178\nCall Trace:\n<TASK>\n__skb_pad+0x18a/0x610 net/core/skbuff.c:2466\n__skb_put_padto include/linux/skbuff.h:3843 [inline]\nskb_put_padto include/linux/skbuff.h:3862 [inline]\neth_skb_pad include/linux/etherdevice.h:656 [inline]\ne1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128\n__netdev_start_xmit include/linux/netdevice.h:5151 [inline]\nnetdev_start_xmit include/linux/netdevice.h:5160 [inline]\nxmit_one net/core/dev.c:3806 [inline]\ndev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822\nsch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n__dev_xmit_skb net/core/dev.c:4045 [inline]\n__dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621\ndev_queue_xmit include/linux/netdevice.h:3313 [inline]\nllc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144\nllc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\nllc_sap_next_state net/llc/llc_sap.c:182 [inline]\nllc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209\nllc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993\nsock_sendmsg_nosec net/socket.c:718 [inline]"], "name": "CVE-2025-21925", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-21925\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21925\nhttps://lore.kernel.org/linux-cve-announce/2025040132-CVE-2025-21925-89e0@gregkh/T"], "threat_severity": "Low"}