CVE-2025-21790: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21790 affects the Linux kernel's VXLAN (Virtual Extensible LAN) implementation. The vulnerability was discovered when it was found that vxlaninit() fails to check the return value of vxlanvnigroup_init(), which can lead to a crash later in the execution. This issue affects the Linux kernel's networking subsystem, specifically the VXLAN driver (Kernel Git).

The vulnerability stems from a missing error check in the vxlaninit() function. When the VXLANFVNIFILTER flag is set, the function calls vxlanvnigroupinit() but doesn't verify its return value. This can lead to a null pointer dereference later in vxlanvnigroup_uninit(), causing a general protection fault at address 0xdffffc000000002c. The issue was discovered through syzkaller testing and manifests as a kernel crash (Kernel Git).

When exploited, this vulnerability can cause a kernel crash (null pointer dereference), leading to a denial of service condition. The issue occurs in the context of VXLAN network configuration and affects systems using VXLAN with VNI filtering enabled (Kernel Git).

The fix involves adding proper error checking for the vxlanvnigroupinit() function call in vxlan_init(). The patch adds a condition to check the return value and return any error that occurs during initialization. The fix has been merged into the mainline kernel (Kernel Git).