CVE-2025-68353
Unknown Unknown - Not Provided

NULL Pointer Dereference in Linux Kernel VXLAN Causes Kernel Crash

Vulnerability report for CVE-2025-68353, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: net: vxlan: prevent NULL deref in vxlan_xmit_one Neither sock4 nor sock6 pointers are guaranteed to be non-NULL in vxlan_xmit_one, e.g. if the iface is brought down. This can lead to the following NULL dereference: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:vxlan_xmit_one+0xbb3/0x1580 Call Trace: vxlan_xmit+0x429/0x610 dev_hard_start_xmit+0x55/0xa0 __dev_queue_xmit+0x6d0/0x7f0 ip_finish_output2+0x24b/0x590 ip_output+0x63/0x110 Mentioned commits changed the code path in vxlan_xmit_one and as a side effect the sock4/6 pointer validity checks in vxlan(6)_get_route were lost. Fix this by adding back checks. Since both commits being fixed were released in the same version (v6.7) and are strongly related, bundle the fixes in a single commit.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-07-06
AI Q&A
2025-12-24
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel 6.7
linux linux_kernel 6.7

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the Linux kernel's VXLAN networking code, specifically in the function vxlan_xmit_one. The issue occurs because the sock4 and sock6 pointers are not guaranteed to be non-NULL, for example, if the network interface is brought down. This can cause the kernel to dereference a NULL pointer, leading to a kernel crash (BUG). The problem arose after certain commits removed validity checks for these pointers, and the fix involved restoring those checks.

Impact Analysis

This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference when handling VXLAN network packets. Such a crash can lead to denial of service (DoS) on the affected system, potentially disrupting network communication and system availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68353. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart