CVE-2025-68353
Unknown Unknown - Not Provided
NULL Pointer Dereference in Linux Kernel VXLAN Causes Kernel Crash

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: vxlan: prevent NULL deref in vxlan_xmit_one Neither sock4 nor sock6 pointers are guaranteed to be non-NULL in vxlan_xmit_one, e.g. if the iface is brought down. This can lead to the following NULL dereference: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:vxlan_xmit_one+0xbb3/0x1580 Call Trace: vxlan_xmit+0x429/0x610 dev_hard_start_xmit+0x55/0xa0 __dev_queue_xmit+0x6d0/0x7f0 ip_finish_output2+0x24b/0x590 ip_output+0x63/0x110 Mentioned commits changed the code path in vxlan_xmit_one and as a side effect the sock4/6 pointer validity checks in vxlan(6)_get_route were lost. Fix this by adding back checks. Since both commits being fixed were released in the same version (v6.7) and are strongly related, bundle the fixes in a single commit.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68353
EUVD
EUVD-2025-205101
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel 6.7
linux linux_kernel 6.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the Linux kernel's VXLAN networking code, specifically in the function vxlan_xmit_one. The issue occurs because the sock4 and sock6 pointers are not guaranteed to be non-NULL, for example, if the network interface is brought down. This can cause the kernel to dereference a NULL pointer, leading to a kernel crash (BUG). The problem arose after certain commits removed validity checks for these pointers, and the fix involved restoring those checks.

Impact Analysis

This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference when handling VXLAN network packets. Such a crash can lead to denial of service (DoS) on the affected system, potentially disrupting network communication and system availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68353. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart