[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-21875":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":36,"epss":9,"epss_history":37,"metrics":38,"affected":45},"DEBIAN-CVE-2025-21875","In the Linux kernel, the following vulnerability has been resolved:  mptcp: always handle address removal under msk socket lock  Syzkaller reported a lockdep splat in the PM control path:    WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]   WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline]   WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788   Modules linked in:   CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0   Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024   RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline]   RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline]   RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788   Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 \u003C0f> 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff   RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283   RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000   RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408   RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000   R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0   R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00   FS:  00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000   CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033   CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0   DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000   DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400   Call Trace:    \u003CTASK>    mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59    mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486    mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline]    mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629    genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]    genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]    genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210    netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543    genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219    netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]    netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348    netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892    sock_sendmsg_nosec net/socket.c:718 [inline]    __sock_sendmsg+0x221/0x270 net/socket.c:733    ____sys_sendmsg+0x53a/0x860 net/socket.c:2573    ___sys_sendmsg net/socket.c:2627 [inline]    __sys_sendmsg+0x269/0x350 net/socket.c:2659    do_syscall_x64 arch/x86/entry/common.c:52 [inline]    do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83    entry_SYSCALL_64_after_hwframe+0x77/0x7f   RIP: 0033:0x7f7e9998cde9   Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003C48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48   RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e   RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9   RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007   RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000   R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000   R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088  Indeed the PM can try to send a RM_ADDR over a msk without acquiring first the msk socket lock.  The bugged code-path comes from an early optimization: when there are no subflows, the PM should (usually) not send RM_ADDR notifications.  The above statement is incorrect, as without locks another process could concur ---truncated---",null,[],[],[],[14],{"_key":15},"CVE-2025-21875",[17,19,21],{"_key":18},"DLA-4178-1",{"_key":20},"DLA-4193-1",{"_key":22},"DSA-5900-1",[],[],"2025-03-27T15:15:55.307Z","2026-04-28T20:29:35.391542Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30],{"url":31,"sources":32,"tags":34},"https://security-tracker.debian.org/tracker/CVE-2025-21875",[33],"osv_debian",[35],"Advisory",[],[],[39],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":40,"cvss_v4_0":9},{"baseScore":41,"baseSeverity":9,"vectorString":42,"impactScore":43,"exploitabilityScore":44},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[46,65],{"ecosystem":47,"name":48,"vendor":49,"product":48,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":48,"source":9,"versions":51},"Debian","linux","debian","deb",[52,58,61,64],{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":56,"version_end_type":57,"fixed_in":9},"lt5_10_237_1",true,"ecosystem","5.10.237-1","excluding",{"version":59,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":60,"version_end_type":57,"fixed_in":9},"lt6_1_133_1","6.1.133-1",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":57,"fixed_in":9},"lt6_12_19_1","6.12.19-1",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":57,"fixed_in":9},{"ecosystem":47,"name":66,"vendor":49,"product":66,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":66,"source":9,"versions":67},"linux-6.1",[68],{"version":69,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":70,"version_end_type":57,"fixed_in":9},"lt6_1_137_1~deb11u1","6.1.137-1~deb11u1"]