Security tracker / CVE-2025-21891

CVE-2025-21891

ipvlan: ensure network headers are in skb linear part

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 2ad7bf363841 ("ipvlan: Initial check-in of the IPVLAN driver.").
 carnil> Vulnerable versions: 3.19.

Bugs

Status

Branch	Status
upstream	released (6.14-rc5) [27843ce6ba3d3122b65066550fe33fb8839f8aef]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.13-upstream-stable	released (6.13.6) [e2a4f76a2d8a44816ecd25bcbdb47b786d621974]
6.12-upstream-stable	released (6.12.18) [5353fd89663c48f56bdff975c562cfe78b1a2e4c]
6.6-upstream-stable	released (6.6.81) [4ec48f812804f370f622e0874e6dd8fcc58241cd]
6.1-upstream-stable	released (6.1.130) [5b8dea8d1612dc7151d2457d7d2e6a69820309bf]
5.10-upstream-stable	needed
sid	released (6.12.19-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	released (6.1.133-1)
5.10-bullseye-security	needed