VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2025-68353

Description

In the Linux kernel, the following vulnerability has been resolved:

net: vxlan: prevent NULL deref in vxlan_xmit_one

Neither sock4 nor sock6 pointers are guaranteed to be non-NULL in vxlan_xmit_one, e.g. if the iface is brought down. This can lead to the following NULL dereference:

BUG: kernel NULL pointer dereference, address: 0000000000000010
Oops: Oops: 0000 [#1] SMP NOPTI
RIP: 0010:vxlan_xmit_one+0xbb3/0x1580
Call Trace:
vxlan_xmit+0x429/0x610
dev_hard_start_xmit+0x55/0xa0
__dev_queue_xmit+0x6d0/0x7f0
ip_finish_output2+0x24b/0x590
ip_output+0x63/0x110

Mentioned commits changed the code path in vxlan_xmit_one and as a side effect the sock4/6 pointer validity checks in vxlan(6)_get_route were lost. Fix this by adding back checks.

Since both commits being fixed were released in the same version (v6.7) and are strongly related, bundle the fixes in a single commit.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in the Linux kernel's VXLAN driver can crash the system when transmitting packets on a disabled interface.

Root Cause

The vulnerability resides in the vxlan_xmit_one function within the Linux kernel's VXLAN implementation. When a VXLAN interface is brought down, the sock4 and sock6 pointers (which reference the UDP sockets used for encapsulation) can become NULL. A prior code change in Linux 6.7 inadvertently removed the validity checks for these pointers, leading to a NULL pointer dereference when the kernel attempts to transmit a packet on the disabled interface [1].

Exploitation

An attacker can trigger this bug by sending network traffic through a VXLAN interface that has been administratively disabled (e.g., using ip link set vxlan0 down). No special privileges beyond the ability to send packets to the affected interface are required. The crash occurs in the kernel: the call chain runs from vxlan_xmit_one through dev_hard_start_xmit and __dev_queue_xmit, culminating in the dereference of the NULL pointer and a kernel oops [1].

Impact

Successful exploitation results in a kernel NULL pointer dereference, leading to a system crash (denial of service). The crash is immediate and can be triggered by any user or process capable of sending packets to the VXLAN interface. There is no evidence of privilege escalation or remote code execution from this vulnerability.

Mitigation

The fix has been applied in the Linux kernel stable tree as commit 4ac26aafdc8c7271414e2e7c0b2cb266a26591bc [1]. System administrators should apply the latest kernel updates from their distribution to remediate this issue. No workaround is available other than avoiding the use of VXLAN interfaces or ensuring that no traffic is transmitted through a VXLAN interface while it is administratively down.
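As an added illustration of the Root Cause and Mitigation sections above (not the kernel's code and not part of this advisory), the following userland C model shows the effect of the restored validity check: a NULL sock4/sock6 in the route lookup becomes a counted transmit error instead of a pointer dereference. All model_* names, the route value and the tx_errors bookkeeping are assumptions standing in for the kernel's structures.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel's socket objects (not kernel code). */
struct model_sock { int fd; };
struct model_vxlan_sock { struct model_sock *sock; };

/* Device state: sock4/sock6 become NULL once the interface is brought down. */
struct model_vxlan_dev {
    struct model_vxlan_sock *sock4;
    struct model_vxlan_sock *sock6;
    unsigned long tx_errors;   /* assumed to mirror the device's tx_errors counter */
};

/* Route lookup with the validity check the fix restores: a NULL socket
 * is reported as -EIO instead of being dereferenced. */
static int model_get_route(const struct model_vxlan_sock *vs, int *route_out)
{
    if (!vs)
        return -EIO;
    *route_out = vs->sock->fd;   /* this load is what oopsed without the check */
    return 0;
}

/* Transmit one packet: a failed lookup is counted and the packet dropped,
 * modelling the tx_error exit in vxlan_xmit_one. */
static int model_xmit_one(struct model_vxlan_dev *dev, int use_ipv6)
{
    const struct model_vxlan_sock *vs = use_ipv6 ? dev->sock6 : dev->sock4;
    int route;
    int err = model_get_route(vs, &route);
    if (err) {
        dev->tx_errors++;
        return err;              /* the real driver frees the skb here */
    }
    return 0;
}

int main(void)
{
    struct model_sock s = { 7 };
    struct model_vxlan_sock vs = { &s };
    struct model_vxlan_dev up = { &vs, &vs, 0 };
    struct model_vxlan_dev down = { NULL, NULL, 0 };   /* interface brought down */
    int err = model_xmit_one(&down, 0);
    printf("up:   %d\n", model_xmit_one(&up, 0));
    printf("down: %d (tx_errors=%lu)\n", err, down.tx_errors);
    return 0;
}
```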

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
