CVE-2025-68353

Description

In the Linux kernel, the following vulnerability has been resolved:net: vxlan: prevent null deref in vxlan_xmit_oneNeither sock4 nor sock6 pointers are guaranteed to be non-null invxlan_xmit_one, e.g. if the iface is brought down. This can lead to thefollowing null dereference: BUG: kernel null pointer dereference, address: 0000000000000010 Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:vxlan_xmit_one+0xbb3/0x1580 Call Trace: vxlan_xmit+0x429/0x610 dev_hard_start_xmit+0x55/0xa0 __dev_queue_xmit+0x6d0/0x7f0 ip_finish_output2+0x24b/0x590 ip_output+0x63/0x110Mentioned commits changed the code path in vxlan_xmit_one and as a sideeffect the sock4/6 pointer validity checks in vxlan(6)_get_route werelost. Fix this by adding back checks.Since both commits being fixed were released in the same version (v6.7)and are strongly related, bundle the fixes in a single commit.

Risk Information

Base Score

5.5

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.027

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234