CVE-2025-21858: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2025-21858) was discovered in the Linux kernel's GENEVE network virtualization implementation. The vulnerability was identified on March 12, 2025, and affects the genevefinddev() function. The issue occurs when geneveconfigure() links struct genevedev.next to netgeneric(net, genevenetid)->genevelist, where the net could differ from devnet(dev) if IFLANETNSPID, IFLANETNSFD, or IFLATARGET_NETNSID is set (NVD).

The vulnerability is triggered when devnet(dev) is dismantled, causing geneveexitbatchrtnl() to call unregisternetdevicequeue() for each device in the netns. After the device is freed, its geneve_dev.next remains linked to the backend UDP socket netns, leading to a use-after-free condition when another geneve device is created in the netns. The issue has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker with local access to cause a use-after-free condition, potentially leading to privilege escalation, information disclosure, or system crashes. The high CVSS score indicates that successful exploitation could result in complete compromise of confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been fixed by modifying the genevedestroytunnels() function to call genevedellink() instead of unregisternetdevice_queue(). The fix has been implemented in multiple kernel versions through various stable patches (Kernel Patch).