Linux Kernel Cached Destination Counter Decrement Vulnerability in dst_release

Vulnerability

A vulnerability exists in the Linux kernel related to the handling of cached destination (dst) counters in the networking subsystem. When the CONFIG_DST_CACHE option is enabled and Open vSwitch (OvS) with tunnels is used, the kernel can encounter a paging request error due to improperly managed dst_cache entries. The issue arises because the fix for a previous vulnerability moved the decrementing of dst counts to the dst_release function, but did not fully address the problem for cached dsts, leading to access violations on already freed data.

Impact

Exploitation of this vulnerability causes a kernel paging request error, indicating a failure to properly manage memory access, which can lead to system instability or crashes.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Cached Destination Counter Decrement Vulnerability in dst_release

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating