{"vulnerability": "CVE-2025-21972", "sightings": [{"uuid": "5874978e-0871-48ff-8e1e-f731af30feed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21972", "type": "seen", "source": "https://t.me/cvedetector/21796", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21972 - Linux Kernel MCTP Net Fragment Reassembly Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21972 \nPublished : April 1, 2025, 4:15 p.m. | 1\u00a0hour, 15\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: mctp: unshare packets when reassembling  \n  \nEnsure that the frag_list used for reassembly isn't shared with other  \npackets. This avoids incorrect reassembly when packets are cloned, and  \nprevents a memory leak due to circular references between fragments and  \ntheir skb_shared_info.  \n  \nThe upcoming MCTP-over-USB driver uses skb_clone which can trigger the  \nproblem - other MCTP drivers don't share SKBs.  \n  \nA kunit test is added to reproduce the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T19:45:18.000000Z"}, {"uuid": "9029a327-14b4-4fed-a680-02f1ebe2880c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21972", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}]}