Security tracker / CVE-2025-21759

CVE-2025-21759

ipv6: mcast: extend RCU protection in igmp6_send()

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in b8ad0cbc58f7 ("[NETNS][IPV6] mcast - handle several network
 carnil> namespace"). Vulnerable versions: 2.6.26-rc1.

Bugs

Status

Branch	Status
upstream	released (6.14-rc3) [087c1faa594fa07a66933d750c0b2610aa1a2946]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.13-upstream-stable	released (6.13.4) [8e92d6a413feaf968a33f0b439ecf27404407458]
6.12-upstream-stable	released (6.12.16) [0bf8e2f3768629d437a32cb824149e6e98254381]
6.6-upstream-stable	released (6.6.79) [81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a]
6.1-upstream-stable	needed
5.10-upstream-stable	needed
sid	released (6.12.16-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	needed
5.10-bullseye-security	needed