Vulners
Lucene search
Azure Linux 3.0 Security Update: kernel (CVE-2025-21792)
| Reporter | Title | Published | Views | Family All 153 |
|---|---|---|---|---|
 | Astra Linux – Vulnerability in Linux 6.1 | 3 May 202623:59 | – | astralinux |
 | CVE-2025-21792 affecting package kernel for versions less than 6.6.79.1-1 | 9 Apr 202515:08 | – | cbl_mariner |
 | CVE-2025-21792 | 27 Feb 202506:11 | – | circl |
 | Linux kernel 安全漏洞 | 27 Feb 202500:00 | – | cnnvd |
 | CVE-2025-21792 | 27 Feb 202502:18 | – | cve |
 | CVE-2025-21792 ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt | 27 Feb 202502:18 | – | cvelist |
 | [SECURITY] [DLA 4102-1] linux-6.1 security update | 31 Mar 202521:39 | – | debian |
 | CVE-2025-21792 | 27 Feb 202502:18 | – | debiancve |
 | Debian dla-4102 : linux-config-6.1 - security update | 1 Apr 202500:00 | – | nessus |
| NewStart CGSL MAIN 7.02 : kernel Multiple Vulnerabilities (NS-SA-2025-0118) | 25 Jul 202500:00 | – | nessus |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(295365);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/22");
script_cve_id("CVE-2025-21792");
script_name(english:"Azure Linux 3.0 Security Update: kernel (CVE-2025-21792)");
script_set_attribute(attribute:"synopsis", value:
"The remote Azure Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore,
affected by a vulnerability as referenced in the CVE-2025-21792 advisory.
- In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by
setting SO_BINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SO_BINDTODEVICE
socket option, a refcount leak will occur in ax25_release(). Commit 9fd75b66b8f6 (ax25: Fix refcount
leaks caused by ax25_cb_del()) added decrement of device refcounts in ax25_release(). In order for that
to work correctly the refcounts must already be incremented when the device is bound to the socket. An
AX25 device can be bound to a socket by either calling ax25_bind() or setting SO_BINDTODEVICE socket
option. In both cases the refcounts should be incremented, but in fact it is done only in ax25_bind().
This bug leads to the following issue reported by Syzkaller:
================================================================ refcount_t: decrement hit 0; leaking
memory. WARNING: CPU: 1 PID: 5932 at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210
lib/refcount.c:31 Modules linked in: CPU: 1 UID: 0 PID: 5932 Comm: syz-executor424 Not tainted
6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31
Call Trace: <TASK> __refcount_dec include/linux/refcount.h:336 [inline] refcount_dec
include/linux/refcount.h:351 [inline] ref_tracker_free+0x710/0x820 lib/ref_tracker.c:236
netdev_tracker_free include/linux/netdevice.h:4156 [inline] netdev_put include/linux/netdevice.h:4173
[inline] netdev_put include/linux/netdevice.h:4169 [inline] ax25_release+0x33f/0xa10
net/ax25/af_ax25.c:1069 __sock_release+0xb0/0x270 net/socket.c:640 sock_close+0x1c/0x30 net/socket.c:1408
... do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK>
================================================================ Fix the implementation of
ax25_setsockopt() by adding increment of refcounts for the new device bound, and decrement of refcounts
for the old unbound device. (CVE-2025-21792)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2025-21792");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-21792");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/02/27");
script_set_attribute(attribute:"patch_publication_date", value:"2025/04/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-drivers-accessibility");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-drivers-gpu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-drivers-intree-amdgpu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-drivers-sound");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:python3-perf");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:azure_linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Azure Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AzureLinux/release", "Host/AzureLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AzureLinux/release');
if (isnull(release) || 'Azure Linux' >!< release) audit(AUDIT_OS_NOT, 'Azure Linux');
var os_ver = pregmatch(pattern: "Azure Linux ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Azure Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Azure Linux 3.0', 'Azure Linux ' + os_ver);
if (!get_kb_item('Host/AzureLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Azure Linux', cpu);
var pkgs = [
{'reference':'bpftool-6.6.82.1-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bpftool-6.6.82.1-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-6.6.82.1-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-6.6.82.1-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debuginfo-6.6.82.1-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debuginfo-6.6.82.1-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-6.6.82.1-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-6.6.82.1-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-docs-6.6.82.1-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-docs-6.6.82.1-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-accessibility-6.6.82.1-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-accessibility-6.6.82.1-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-gpu-6.6.82.1-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-gpu-6.6.82.1-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-intree-amdgpu-6.6.82.1-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-intree-amdgpu-6.6.82.1-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-sound-6.6.82.1-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-sound-6.6.82.1-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-6.6.82.1-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-6.6.82.1-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-6.6.82.1-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-6.6.82.1-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Azure Linux ' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-debuginfo / kernel-devel / kernel-docs / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Jan 2026 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 3.15.5
EPSS0.00206
SSVC