CVE-2025-21756

Published Feb 27, 2025

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-21756 affects the Linux kernel's vsock (Virtual Socket) implementation. Disclosed on February 26, 2025, it is a use-after-free vulnerability that occurs during socket destruction and transport reassignment processes within the vsock subsystem. The vulnerability stems from improper handling of socket bindings during transport reassignment. The `vsock_remove_bound` function can be called without verifying if the socket was bound, potentially leading to a use-after-free condition when `vsock_bind` assumes the socket is in an unbound list. A patch has been implemented to preserve socket bindings until socket destruction, resolving the issue.

Description
In the Linux kernel, the following vulnerability has been resolved:

vsock: Keep the binding until socket destruction

Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect().

Prevents socket unbinding during a transport reassignment, which fixes a use-after-free:

1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)
2. transport->release() calls vsock_remove_bound() without checking if sk was bound and moved to bound list (refcnt=1)
3. vsock_bind() assumes sk is in unbound list and before __vsock_insert_bound(vsock_bound_sockets()) calls __vsock_remove_bound() which does:

       list_del_init(&vsk->bound_table); // nop
       sock_put(&vsk->sk);               // refcnt=0

```
BUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730
Read of size 4 at addr ffff88816b46a74c by task a.out/2057
 dump_stack_lvl+0x68/0x90
 print_report+0x174/0x4f6
 kasan_report+0xb9/0x190
 __vsock_bind+0x62e/0x730
 vsock_bind+0x97/0xe0
 __sys_bind+0x154/0x1f0
 __x64_sys_bind+0x6e/0xb0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Allocated by task 2057:
 kasan_save_stack+0x1e/0x40
 kasan_save_track+0x10/0x30
 __kasan_slab_alloc+0x85/0x90
 kmem_cache_alloc_noprof+0x131/0x450
 sk_prot_alloc+0x5b/0x220
 sk_alloc+0x2c/0x870
 __vsock_create.constprop.0+0x2e/0xb60
 vsock_create+0xe4/0x420
 __sock_create+0x241/0x650
 __sys_socket+0xf2/0x1a0
 __x64_sys_socket+0x6e/0xb0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Freed by task 2057:
 kasan_save_stack+0x1e/0x40
 kasan_save_track+0x10/0x30
 kasan_save_free_info+0x37/0x60
 __kasan_slab_free+0x4b/0x70
 kmem_cache_free+0x1a1/0x590
 __sk_destruct+0x388/0x5a0
 __vsock_bind+0x5e1/0x730
 vsock_bind+0x97/0xe0
 __sys_bind+0x154/0x1f0
 __x64_sys_bind+0x6e/0xb0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

refcount_t: addition on 0; use-after-free.
WARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150
RIP: 0010:refcount_warn_saturate+0xce/0x150
 __vsock_bind+0x66d/0x730
 vsock_bind+0x97/0xe0
 __sys_bind+0x154/0x1f0
 __x64_sys_bind+0x6e/0xb0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

refcount_t: underflow; use-after-free.
WARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150
RIP: 0010:refcount_warn_saturate+0xee/0x150
 vsock_remove_bound+0x187/0x1e0
 __vsock_release+0x383/0x4a0
 vsock_release+0x90/0x120
 __sock_release+0xa3/0x250
 sock_close+0x14/0x20
 __fput+0x359/0xa80
 task_work_run+0x107/0x1d0
 do_exit+0x847/0x2560
 do_group_exit+0xb8/0x250
 __x64_sys_exit_group+0x3a/0x50
 x64_sys_call+0xfec/0x14f0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
```

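
The three-step reference-count sequence in the description above, replayed as a small userspace C model. This is an added example, not kernel code and not taken from the patch; the `model_*` names and the `keep_binding` switch are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy userspace model of the refcount sequence; constructed for
 * illustration, every model_* name is hypothetical (not kernel code). */
struct model_sock {
    int  refcnt;   /* stands in for the sock reference count */
    bool on_list;  /* linked on the unbound or the bound list */
    bool freed;    /* reference count reached 0 */
    bool uaf;      /* object touched after it was freed */
};

static void model_hold(struct model_sock *s)
{
    if (s->freed) { s->uaf = true; return; }  /* "addition on 0" */
    s->refcnt++;
}

static void model_put(struct model_sock *s)
{
    if (s->freed) { s->uaf = true; return; }  /* "underflow" */
    if (--s->refcnt == 0) s->freed = true;
}

/* Like __vsock_remove_bound(): the list delete is a nop when the node is
 * already unlinked, but the reference is dropped regardless. */
static void model_remove_bound(struct model_sock *s) { s->on_list = false; model_put(s); }

static void model_insert(struct model_sock *s)
{
    model_hold(s);
    if (!s->freed) s->on_list = true;
}

/* keep_binding=true models the fix: reassignment leaves the binding alone. */
struct model_sock model_run(bool keep_binding)
{
    struct model_sock s = { .refcnt = 1 };      /* 1. vsock_create() */
    model_insert(&s);                           /*    insert unbound: 2 */
    if (!keep_binding) model_remove_bound(&s);  /* 2. transport->release(): 1 */
    model_remove_bound(&s);                     /* 3. vsock_bind(): 0 before fix */
    model_insert(&s);                           /*    re-insert on bound list */
    return s;
}

int main(void)
{
    struct model_sock a = model_run(false), b = model_run(true);
    printf("before fix: refcnt=%d freed=%d uaf=%d\n", a.refcnt, a.freed, a.uaf);
    printf("after fix:  refcnt=%d freed=%d uaf=%d\n", b.refcnt, b.freed, b.uaf);
    return 0;
}
```

With the binding kept, the model ends with two references (the socket's own and the list's) and no access to a freed object, which is the invariant the KASAN and `refcount_t` warnings show being violated.
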
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-416

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

12

  1. A new vulnerability with the identifier CVE-2025-21756 has recently been published for the Linux kernel. This vulnerability, which is of the privilege escalation type, elevates the attacker's access level to

    @AmirHossein_sec

    1 May 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-21756: Attack of the Vsock https://t.co/vXcfat5KvA https://t.co/ejxfpxYwsu

    @secharvesterx

    1 May 2025

    94 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Linux Kernel Exploitation (CVE-2025-21756) : Attack of the Vsock : https://t.co/w5Hs9WrXH5 Source code for the exploit : https://t.co/rRFNu6KBqd https://t.co/g4664kFGMY

    @binitamshah

    1 May 2025

    1860 Impressions

    2 Retweets

    18 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  4. Linux Kernel Exploitation (CVE-2025-21756) : Attack of the Vsock : https://t.co/w5Hs9WrXH5 Source code for the exploit : https://t.co/rRFNu6KBqd https://t.co/f77Dih300r

    @binitamshah

    1 May 2025

    1714 Impressions

    10 Retweets

    22 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  5. Linux Kernel Exploitation CVE-2025-21756: Attack of the Vsock https://t.co/AW4a3RR5R1

    @ytroncal

    30 Apr 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Linux Kernel Exploitation: CVE-2025-21756 #HackerNews https://t.co/sx0qMiBHf2

    @hackernewstop5

    30 Apr 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Linux Kernel Exploitation: CVE-2025-21756 https://t.co/gf0VDnPZmH 2

    @cevaboyz

    30 Apr 2025

    26 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. ⚠️Multiple vulnerabilities in the Debian Linux kernel ❗CVE-2025-21756 ❗CVE-2025-21855 ❗CVE-2025-39735 ➡️More info: https://t.co/oAUIMKsjS4 https://t.co/hyWEwL5d5T

    @CERTpy

    30 Apr 2025

    88 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 #Linux Kernel Hacked: #CVE-2025-21756 – Exploiting the Vsock UAF for Root Access https://t.co/jfF1b8pjRv Educational Purposes!

    @UndercodeUpdate

    30 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨🐧Linux Kernel Hacked: CVE-2025-21756 – Exploiting the Vsock UAF for Root Access The Article Can Be Found Here https://t.co/rQ1iOMwugX https://t.co/fqFwkFLwKE

    @_zeus_dev_

    30 Apr 2025

    152 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  11. 🚨 Critical Linux Kernel vulnerability (CVE-2025-21756) in vsock module allows local #privilegeescalation to root. Affects cloud & container environments. Patch now! 📌 Read more: https://t.co/yuWDaKCMmN #CVE202521756 #Linux #CyberSecurity

    @threatsbank

    30 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

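  12. A PoC (proof-of-concept attack code) has been released for the Linux privilege escalation vulnerability CVE-2025-21756. It is a use-after-free in the kernel's vsock subsystem. Because the vulnerable vsock_release() function is not protected by AppArmor, the poin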

    @__kokumoto

    29 Apr 2025

    696 Impressions

    2 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. Linux Kernel Exploitation: CVE-2025-21756 https://t.co/iEhP0meBFZ

    @takesako

    29 Apr 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Actively exploited CVE : CVE-2025-21756

    @transilienceai

    29 Apr 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. 🔥 Linux Kernel Vulnerability Exposes Systems to Privilege Escalation Attacks Read more: https://t.co/ZatBxYAcpF A significant vulnerability in the Linux kernel’s Virtual Socket (vsock) implementation, designated as CVE-2025-21756, has been identified that could allow lo

    @The_Cyber_News

    29 Apr 2025

    389 Impressions

    3 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2025-21756: How a Tiny Linux Kernel Bug Led to a Full Root Exploit, PoC Releases https://t.co/fJSTn5CaNq

    @Dinosn

    29 Apr 2025

    6152 Impressions

    45 Retweets

    153 Likes

    45 Bookmarks

    2 Replies

    1 Quote

  17. CVE-2025-21756: How a Tiny Linux Kernel Bug Led to a Full Root Exploit, PoC Releases https://t.co/az9sqf8NDL

    @the_yellow_fall

    29 Apr 2025

    5745 Impressions

    43 Retweets

    156 Likes

    62 Bookmarks

    0 Replies

    0 Quotes

  18. GitHub - hoefler02/CVE-2025-21756: My first linux kernel exploit https://t.co/BpYKlKvAbj

    @akaclandestine

    19 Apr 2025

    1037 Impressions

    1 Retweet

    13 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  19. GitHub - hoefler02/CVE-2025-21756: My first linux kernel exploit - https://t.co/azv5mktRGG

    @piedpiper1616

    19 Apr 2025

    697 Impressions

    4 Retweets

    10 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

Configurations