github - ghsa-9rj5-8f4h-5c5g

ghsa-9rj5-8f4h-5c5g

Vulnerability from github

Published

2025-12-16 15:30

Modified

2025-12-16 15:30

Details

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix address removal logic in mptcp_pm_nl_rm_addr

Fix inverted WARN_ON_ONCE condition that prevented normal address removal counter updates. The current code only executes decrement logic when the counter is already 0 (abnormal state), while normal removals (counter > 0) are ignored.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-68221"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-16T14:15:55Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix address removal logic in mptcp_pm_nl_rm_addr\n\nFix inverted WARN_ON_ONCE condition that prevented normal address\nremoval counter updates. The current code only executes decrement\nlogic when the counter is already 0 (abnormal state), while\nnormal removals (counter \u003e 0) are ignored.",
  "id": "GHSA-9rj5-8f4h-5c5g",
  "modified": "2025-12-16T15:30:46Z",
  "published": "2025-12-16T15:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68221"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/92e239e36d600002559074994a545fcfac9afd2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7d953c38245c0e9d8e268fb6a9e524602fb44ec"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-68221 (GCVE-0-2025-68221)

Vulnerability from cvelistv5

Published

2025-12-16 13:57

Modified

2025-12-16 13:57

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix address removal logic in mptcp_pm_nl_rm_addr Fix inverted WARN_ON_ONCE condition that prevented normal address removal counter updates. The current code only executes decrement logic when the counter is already 0 (abnormal state), while normal removals (counter > 0) are ignored.

References

URL

Tags

	https://git.kernel.org/stable/c/f7d953c38245c0e9d8e268fb6a9e524602fb44ec
	https://git.kernel.org/stable/c/92e239e36d600002559074994a545fcfac9afd2d

Impacted products

Vendor

Product

Version

Version: 63611391850850bf27f81afb0d0b6d1237a34006
Version: 63611391850850bf27f81afb0d0b6d1237a34006

Version: 6.15

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/pm_kernel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f7d953c38245c0e9d8e268fb6a9e524602fb44ec",
              "status": "affected",
              "version": "63611391850850bf27f81afb0d0b6d1237a34006",
              "versionType": "git"
            },
            {
              "lessThan": "92e239e36d600002559074994a545fcfac9afd2d",
              "status": "affected",
              "version": "63611391850850bf27f81afb0d0b6d1237a34006",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/pm_kernel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.15"
            },
            {
              "lessThan": "6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.10",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix address removal logic in mptcp_pm_nl_rm_addr\n\nFix inverted WARN_ON_ONCE condition that prevented normal address\nremoval counter updates. The current code only executes decrement\nlogic when the counter is already 0 (abnormal state), while\nnormal removals (counter \u003e 0) are ignored."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T13:57:14.836Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f7d953c38245c0e9d8e268fb6a9e524602fb44ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/92e239e36d600002559074994a545fcfac9afd2d"
        }
      ],
      "title": "mptcp: fix address removal logic in mptcp_pm_nl_rm_addr",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68221",
    "datePublished": "2025-12-16T13:57:14.836Z",
    "dateReserved": "2025-12-16T13:41:40.257Z",
    "dateUpdated": "2025-12-16T13:57:14.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.