CVE-2025-21858: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2025-21858) was discovered in the Linux kernel's GENEVE network virtualization implementation. The vulnerability was identified on March 12, 2025, and affects the geneve_find_dev() function. The issue occurs when geneve_configure() links struct geneve_dev.next to net_generic(net, geneve_net_id)->geneve_list, where the net could differ from dev_net(dev) if IFLA_NET_NS_PID, IFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set (NVD).

The vulnerability is triggered when dev_net(dev) is dismantled, causing geneve_exit_batch_rtnl() to call unregister_netdevice_queue() for each device in the netns. After the device is freed, its geneve_dev.next remains linked to the backend UDP socket netns, leading to a use-after-free condition when another geneve device is created in the netns. The issue has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker with local access to cause a use-after-free condition, potentially leading to privilege escalation, information disclosure, or system crashes. The high CVSS score indicates that successful exploitation could result in complete compromise of confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been fixed by modifying the geneve_destroy_tunnels() function to call geneve_dellink() instead of unregister_netdevice_queue(). The fix has been implemented in multiple kernel versions through various stable patches (Kernel Patch).