🛡️ UBUNTU-CVE-2025-68340
⚪ Unknown ✅ No Known Exploit OSV
N/A
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of team_port_add Attempting to add a port device that is already up will expectedly fail, but not before modifying the team device header_ops. In the case of the syzbot reproducer the gre0 device is already in state UP when it attempts to add it as a port device of team0, this fails but before that header_ops->create of team0 is changed from eth_header to ipgre_header in the call to team_dev_type_check_change. Later when we end up in ipgre_header() struct ip_tunnel* points to nonsense as the private data of the device still holds a struct team. Example sequence of iproute2 commands to reproduce the hang/BUG(): ip link add dev team0 type team ip link add dev gre0 type gre ip link set dev gre0 up ip link set dev gre0 master team0 ip link set dev team0 up ping -I team0 1.1.1.1 Move team_dev_type_check_change down where all other checks have passed as it changes the dev type with no way to restore it in case one of the checks that follow it fail. Also make sure to preserve the origial mtu assignment: - If port_dev is not the same type as dev, dev takes mtu from port_dev - If port_dev is the same type as dev, port_dev takes mtu from dev This is done by adding a conditional before the call to dev_set_mtu to prevent it from assigning port_dev->mtu = dev->mtu and instead letting team_dev_type_check_change assign dev->mtu = port_dev->mtu. The conditional is needed because the patch moves the call to team_dev_type_check_change past dev_set_mtu. Testing: - team device driver in-tree selftests - Add/remove various devices as slaves of team device - syzbot

Details

Severity Unknown
CVSS Score N/A
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE N/A
Public Exploit ✅ No
Source OSV
Published 2025-12-23
Updated 2026-06-15
Modified 2026-06-08
Fix URL N/A

Affected Packages

Software From version Fixed in
linux 6.17.0-19.19
linux-allwinner-5.19
linux-aws 6.17.0-1009.9
linux-aws-5.0
linux-aws-5.11
linux-aws-5.13
linux-aws-5.15 5.15.0-1105.112~20.04.1
linux-aws-5.19
linux-aws-5.3
linux-aws-5.4
linux-aws-5.8
linux-aws-6.14
linux-aws-6.17 6.17.0-1009.9~24.04.2
linux-aws-6.2
linux-aws-6.5
linux-aws-6.8 6.8.0-1050.53~22.04.1
linux-aws-fips 6.8.0-1050.53+fips1
linux-aws-hwe
linux-azure 6.17.0-1010.10
linux-azure-4.15
linux-azure-5.11
linux-azure-5.13
linux-azure-5.15 5.15.0-1110.119~20.04.1
linux-azure-5.19
linux-azure-5.3
linux-azure-5.4
linux-azure-5.8
linux-azure-6.11
linux-azure-6.14
linux-azure-6.17 6.17.0-1010.10~24.04.1
linux-azure-6.2
linux-azure-6.5
linux-azure-6.8 6.8.0-1051.57~22.04.1
linux-azure-edge
linux-azure-fde
linux-azure-fde-5.19
linux-azure-fde-6.14
linux-azure-fde-6.17
linux-azure-fde-6.2
linux-azure-fde-6.8
linux-azure-fips 6.8.0-1052.58+fips1
linux-azure-nvidia
linux-azure-nvidia-6.14
linux-bluefield
linux-fips 6.8.0-106.106+fips1
linux-gcp 6.17.0-1009.9
linux-gcp-4.15
linux-gcp-5.11
linux-gcp-5.13
linux-gcp-5.15 5.15.0-1106.115~20.04.1
linux-gcp-5.19
linux-gcp-5.3
linux-gcp-5.4
linux-gcp-5.8
linux-gcp-6.11
linux-gcp-6.14
linux-gcp-6.17 6.17.0-1009.9~24.04.3
linux-gcp-6.2
linux-gcp-6.5
linux-gcp-6.8 6.8.0-1052.55~22.04.1
linux-gcp-fips 6.8.0-1052.55+fips1
linux-gke 6.8.0-1048.53
linux-gke-4.15
linux-gke-5.15
linux-gke-5.4
linux-gkeop 6.8.0-1035.38
linux-gkeop-5.15
linux-gkeop-5.4
linux-hwe
linux-hwe-5.11
linux-hwe-5.13
linux-hwe-5.15 5.15.0-176.186~20.04.1
linux-hwe-5.19
linux-hwe-5.4
linux-hwe-5.8
linux-hwe-6.11
linux-hwe-6.14
linux-hwe-6.17 6.17.0-19.19~24.04.2
linux-hwe-6.2
linux-hwe-6.5
linux-hwe-6.8 6.8.0-106.106~22.04.1
linux-hwe-edge
linux-ibm 6.8.0-1049.49
linux-ibm-5.15 5.15.0-1099.102~20.04.1
linux-ibm-5.4
linux-ibm-6.8 6.8.0-1049.49~22.04.1
linux-intel-5.13
linux-intel-iot-realtime 5.15.0-1097.99
linux-intel-iotg 5.15.0-1100.106
linux-intel-iotg-5.15 5.15.0-1100.106~20.04.1
linux-iot
linux-kvm 5.15.0-1097.102
linux-lowlatency 6.8.0-106.106.1
linux-lowlatency-hwe-5.15 5.15.0-175.185~20.04.1
linux-lowlatency-hwe-5.19
linux-lowlatency-hwe-6.11
linux-lowlatency-hwe-6.2
linux-lowlatency-hwe-6.5
linux-lowlatency-hwe-6.8 6.8.0-106.106.1~22.04.1
linux-lts-xenial
linux-nvidia 6.8.0-1049.52
linux-nvidia-6.11
linux-nvidia-6.17 6.17.0-1018.18
linux-nvidia-6.2
linux-nvidia-6.5
linux-nvidia-6.8 6.8.0-1049.52~22.04.1
linux-nvidia-lowlatency 6.8.0-1049.52.1
linux-nvidia-tegra 6.8.0-1020.20
linux-nvidia-tegra-5.15 5.15.0-1057.57~20.04.1
linux-nvidia-tegra-igx 5.15.0-1046.46
linux-oem
linux-oem-5.10
linux-oem-5.13
linux-oem-5.14
linux-oem-5.17
linux-oem-5.6
linux-oem-6.0
linux-oem-6.1
linux-oem-6.11
linux-oem-6.14
linux-oem-6.17 6.17.0-1017.17
linux-oem-6.5
linux-oem-6.8
linux-oracle 6.17.0-1009.9
linux-oracle-5.0
linux-oracle-5.11
linux-oracle-5.13
linux-oracle-5.15 5.15.0-1102.108~20.04.1
linux-oracle-5.3
linux-oracle-5.4
linux-oracle-5.8
linux-oracle-6.14
linux-oracle-6.17 6.17.0-1009.9~24.04.1
linux-oracle-6.5
linux-oracle-6.8 6.8.0-1047.48~22.04.1
linux-raspi 6.17.0-1010.10
linux-raspi-5.4
linux-raspi-realtime 6.8.0-2040.41
linux-raspi2
linux-realtime 6.17.0-1008.9
linux-realtime-6.14
linux-realtime-6.17 6.17.0-1008.9~24.04.1
linux-realtime-6.8 6.8.1-1045.46~22.04.1
linux-riscv 6.17.0-19.19.1
linux-riscv-5.11
linux-riscv-5.15 5.15.0-1099.103~20.04.1
linux-riscv-5.19
linux-riscv-5.8
linux-riscv-6.14
linux-riscv-6.17 6.17.0-19.19.1~24.04.1
linux-riscv-6.5
linux-riscv-6.8 6.8.0-106.106~22.04.1
linux-starfive-5.19
linux-starfive-6.2
linux-starfive-6.5
linux-xilinx 6.8.0-1028.29
linux-xilinx-zynqmp 5.15.0-1070.74

References

Similar Threats

Exploit Protection

Help block exploit attempts

BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.

Try BotEraser Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.