CVE & CISA-KEV Catalog

CVE-2025-21986

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net: switchdev: Convert blocking notification chain to a raw one A blocking notification chain uses a read-write semaphore to protect the integrity of the chain. The semaphore is acquired for writing when adding / removing notifiers to / from the chain and acquired for reading when traversing the chain and informing notifiers about an event. In case of the blocking switchdev notification chain, recursive notifications are possible which leads to the semaphore being acquired twice for reading and to lockdep warnings being generated [1]. Specifically, this can happen when the bridge driver processes a SWITCHDEV_BRPORT_UNOFFLOADED event which causes it to emit notifications about deferred events when calling switchdev_deferred_process(). Fix this by converting the notification chain to a raw notification chain in a similar fashion to the netdev notification chain. Protect the chain using the RTNL mutex by acquiring it when modifying the chain. Events are always informed under the RTNL mutex, but add an assertion in call_switchdev_blocking_notifiers() to make sure this is not violated in the future. Maintain the "blocking" prefix as events are always emitted from process context and listeners are allowed to block. [1]: WARNING: possible recursive locking detected 6.14.0-rc4-custom-g079270089484 #1 Not tainted -------------------------------------------- ip/52731 is trying to acquire lock: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 but task is already holding lock: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock((switchdev_blocking_notif_chain).rwsem); lock((switchdev_blocking_notif_chain).rwsem); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by ip/52731: #0: ffffffff84f795b0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x727/0x1dc0 #1: ffffffff8731f628 (&net->rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x790/0x1dc0 #2: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0 stack backtrace: ... ? __pfx_down_read+0x10/0x10 ? __pfx_mark_lock+0x10/0x10 ? __pfx_switchdev_port_attr_set_deferred+0x10/0x10 blocking_notifier_call_chain+0x58/0xa0 switchdev_port_attr_notify.constprop.0+0xb3/0x1b0 ? __pfx_switchdev_port_attr_notify.constprop.0+0x10/0x10 ? mark_held_locks+0x94/0xe0 ? switchdev_deferred_process+0x11a/0x340 switchdev_port_attr_set_deferred+0x27/0xd0 switchdev_deferred_process+0x164/0x340 br_switchdev_port_unoffload+0xc8/0x100 [bridge] br_switchdev_blocking_event+0x29f/0x580 [bridge] notifier_call_chain+0xa2/0x440 blocking_notifier_call_chain+0x6e/0xa0 switchdev_bridge_port_unoffload+0xde/0x1a0 ...

How to fix

Remediation Available
linuxDebian
Fixed in:6.1.133-1CVE-2025-21986
Fixed in:6.12.20-1CVE-2025-21986
Fixed in:6.12.20-1CVE-2025-21986
linuxUbuntu
Fixed in:6.8.0-84.84USN-7764-1
linux-awsUbuntu
Fixed in:6.8.0-1039.41USN-7764-1
linux-aws-6.8Ubuntu
Fixed in:6.8.0-1039.41~22.04.1USN-7766-1
linux-azureUbuntu
Fixed in:6.8.0-1038.44USN-7802-1
linux-azure-6.11Ubuntu
Fixed in:6.11.0-1018.18~24.04.1USN-7628-1
linux-azure-6.8Ubuntu
Fixed in:6.8.0-1036.42~22.04.1USN-7802-1
linux-azure-nvidiaUbuntu
Fixed in:6.8.0-1025.27USN-7809-1
linux-gcpUbuntu
Fixed in:6.8.0-1040.42USN-7764-1
linux-gcp-6.11Ubuntu
Fixed in:6.11.0-1016.16~24.04.1USN-7605-1
linux-gcp-6.8Ubuntu
Fixed in:6.8.0-1040.42~22.04.1USN-7766-1
linux-gkeUbuntu
Fixed in:6.8.0-1036.40USN-7764-1
linux-gkeopUbuntu
Fixed in:6.8.0-1023.25USN-7764-1
linux-hwe-6.11Ubuntu
Fixed in:6.11.0-28.28~24.04.1USN-7605-1
linux-hwe-6.8Ubuntu
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
linux-ibmUbuntu
Fixed in:6.8.0-1037.37USN-7779-1
linux-ibm-6.8Ubuntu
Fixed in:6.8.0-1037.37~22.04.1USN-7779-1
linux-image-6.11.0-1015-lowlatencyUbuntu
Fixed in:6.11.0-1015.16~24.04.2USN-7605-2
linux-image-6.11.0-1015-lowlatency-64kUbuntu
Fixed in:6.11.0-1015.16~24.04.2USN-7605-2
linux-image-6.11.0-1016-gcpUbuntu
Fixed in:6.11.0-1016.16~24.04.1USN-7605-1
linux-image-6.11.0-1016-gcp-64kUbuntu
Fixed in:6.11.0-1016.16~24.04.1USN-7605-1
linux-image-6.11.0-1018-azureUbuntu
Fixed in:6.11.0-1018.18~24.04.1USN-7628-1
linux-image-6.11.0-1018-azure-fdeUbuntu
Fixed in:6.11.0-1018.18~24.04.1USN-7628-1
linux-image-6.11.0-1024-oemUbuntu
Fixed in:6.11.0-1024.24USN-7606-1
linux-image-6.11.0-28-genericUbuntu
Fixed in:6.11.0-28.28~24.04.1USN-7605-1
linux-image-6.11.0-28-generic-64kUbuntu
Fixed in:6.11.0-28.28~24.04.1USN-7605-1
linux-image-6.8.0-1023-gkeopUbuntu
Fixed in:6.8.0-1023.25USN-7764-1
linux-image-6.8.0-1025-azure-nvidiaUbuntu
Fixed in:6.8.0-1025.27USN-7809-1
linux-image-6.8.0-1036-azureUbuntu
Fixed in:6.8.0-1036.42~22.04.1USN-7802-1
linux-image-6.8.0-1036-azure-fdeUbuntu
Fixed in:6.8.0-1036.42~22.04.1USN-7802-1
linux-image-6.8.0-1036-gkeUbuntu
Fixed in:6.8.0-1036.40USN-7764-1
linux-image-6.8.0-1036-gke-64kUbuntu
Fixed in:6.8.0-1036.40USN-7764-1
linux-image-6.8.0-1037-ibmUbuntu
Fixed in:6.8.0-1037.37~22.04.1USN-7779-1
Fixed in:6.8.0-1037.37USN-7779-1
linux-image-6.8.0-1037-oracleUbuntu
Fixed in:6.8.0-1037.38~22.04.1USN-7801-3
Fixed in:6.8.0-1037.38USN-7801-2
linux-image-6.8.0-1037-oracle-64kUbuntu
Fixed in:6.8.0-1037.38~22.04.1USN-7801-3
Fixed in:6.8.0-1037.38USN-7801-2
linux-image-6.8.0-1038-azureUbuntu
Fixed in:6.8.0-1038.44USN-7802-1
linux-image-6.8.0-1038-azure-fdeUbuntu
Fixed in:6.8.0-1038.44USN-7802-1
linux-image-6.8.0-1039-awsUbuntu
Fixed in:6.8.0-1039.41~22.04.1USN-7766-1
Fixed in:6.8.0-1039.41USN-7764-1
linux-image-6.8.0-1039-aws-64kUbuntu
Fixed in:6.8.0-1039.41~22.04.1USN-7766-1
Fixed in:6.8.0-1039.41USN-7764-1
linux-image-6.8.0-1039-nvidiaUbuntu
Fixed in:6.8.0-1039.42~22.04.1USN-7765-1
Fixed in:6.8.0-1039.42USN-7765-1
linux-image-6.8.0-1039-nvidia-64kUbuntu
Fixed in:6.8.0-1039.42~22.04.1USN-7765-1
Fixed in:6.8.0-1039.42USN-7765-1
linux-image-6.8.0-1039-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1039.42.1USN-7765-1
linux-image-6.8.0-1039-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1039.42.1USN-7765-1
linux-image-6.8.0-1039-raspiUbuntu
Fixed in:6.8.0-1039.43USN-7790-1
linux-image-6.8.0-1040-gcpUbuntu
Fixed in:6.8.0-1040.42~22.04.1USN-7766-1
Fixed in:6.8.0-1040.42USN-7764-1
linux-image-6.8.0-1040-gcp-64kUbuntu
Fixed in:6.8.0-1040.42~22.04.1USN-7766-1
Fixed in:6.8.0-1040.42USN-7764-1
linux-image-6.8.0-2031-raspi-realtimeUbuntu
Fixed in:6.8.0-2031.32USN-7800-1
linux-image-6.8.0-84-genericUbuntu
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
Fixed in:6.8.0-84.84USN-7764-1
linux-image-6.8.0-84-generic-64kUbuntu
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
Fixed in:6.8.0-84.84USN-7764-1
linux-image-6.8.0-84-lowlatencyUbuntu
Fixed in:6.8.0-84.84.1~22.04.1USN-7764-1
Fixed in:6.8.0-84.84.1USN-7764-1
linux-image-6.8.0-84-lowlatency-64kUbuntu
Fixed in:6.8.0-84.84.1~22.04.1USN-7764-1
Fixed in:6.8.0-84.84.1USN-7764-1
linux-image-6.8.0-85-genericUbuntu
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
linux-image-6.8.0-85-generic-64kUbuntu
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
linux-image-6.8.1-1034-realtimeUbuntu
Fixed in:6.8.1-1034.35~22.04.1USN-7767-2
Fixed in:6.8.1-1034.35USN-7767-1
linux-image-awsUbuntu
Fixed in:6.8.0-1039.41~22.04.1USN-7766-1
linux-image-aws-6.8Ubuntu
Fixed in:6.8.0-1039.41~22.04.1USN-7766-1
Fixed in:6.8.0-1039.41USN-7764-1
linux-image-aws-64kUbuntu
Fixed in:6.8.0-1039.41~22.04.1USN-7766-1
linux-image-aws-64k-6.8Ubuntu
Fixed in:6.8.0-1039.41~22.04.1USN-7766-1
Fixed in:6.8.0-1039.41USN-7764-1
linux-image-aws-64k-lts-24.04Ubuntu
Fixed in:6.8.0-1039.41USN-7764-1
linux-image-aws-lts-24.04Ubuntu
Fixed in:6.8.0-1039.41USN-7764-1
linux-image-azureUbuntu
Fixed in:6.8.0-1036.42~22.04.1USN-7802-1
Fixed in:6.11.0-1018.18~24.04.1USN-7628-1
linux-image-azure-6.11Ubuntu
Fixed in:6.11.0-1018.18~24.04.1USN-7628-1
linux-image-azure-6.8Ubuntu
Fixed in:6.8.0-1036.42~22.04.1USN-7802-1
Fixed in:6.8.0-1038.44USN-7802-1
linux-image-azure-fdeUbuntu
Fixed in:6.8.0-1036.42~22.04.1USN-7802-1
Fixed in:6.11.0-1018.18~24.04.1USN-7628-1
linux-image-azure-fde-6.11Ubuntu
Fixed in:6.11.0-1018.18~24.04.1USN-7628-1
linux-image-azure-fde-6.8Ubuntu
Fixed in:6.8.0-1036.42~22.04.1USN-7802-1
Fixed in:6.8.0-1038.44USN-7802-1
linux-image-azure-fde-edgeUbuntu
Fixed in:6.11.0-1018.18~24.04.1USN-7628-1
linux-image-azure-fde-lts-24.04Ubuntu
Fixed in:6.8.0-1038.44USN-7802-1
linux-image-azure-lts-24.04Ubuntu
Fixed in:6.8.0-1038.44USN-7802-1
linux-image-azure-nvidiaUbuntu
Fixed in:6.8.0-1025.27USN-7809-1
linux-image-azure-nvidia-6.8Ubuntu
Fixed in:6.8.0-1025.27USN-7809-1
linux-image-azure-nvidia-lts-24.04Ubuntu
Fixed in:6.8.0-1025.27USN-7809-1
linux-image-gcpUbuntu
Fixed in:6.8.0-1040.42~22.04.1USN-7766-1
Fixed in:6.11.0-1016.16~24.04.1USN-7605-1
linux-image-gcp-6.8Ubuntu
Fixed in:6.8.0-1040.42~22.04.1USN-7766-1
Fixed in:6.8.0-1040.42USN-7764-1
linux-image-gcp-64kUbuntu
Fixed in:6.8.0-1040.42~22.04.1USN-7766-1
Fixed in:6.11.0-1016.16~24.04.1USN-7605-1
linux-image-gcp-64k-6.8Ubuntu
Fixed in:6.8.0-1040.42~22.04.1USN-7766-1
Fixed in:6.8.0-1040.42USN-7764-1
linux-image-gcp-64k-lts-24.04Ubuntu
Fixed in:6.8.0-1040.42USN-7764-1
linux-image-gcp-lts-24.04Ubuntu
Fixed in:6.8.0-1040.42USN-7764-1
linux-image-genericUbuntu
Fixed in:6.8.0-84.84USN-7764-1
linux-image-generic-6.8Ubuntu
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
Fixed in:6.8.0-84.84USN-7764-1
linux-image-generic-64kUbuntu
Fixed in:6.8.0-84.84USN-7764-1
linux-image-generic-64k-6.8Ubuntu
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
Fixed in:6.8.0-84.84USN-7764-1
linux-image-generic-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
linux-image-generic-64k-hwe-24.04Ubuntu
Fixed in:6.11.0-28.28~24.04.1USN-7605-1
linux-image-generic-hwe-22.04Ubuntu
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
linux-image-generic-hwe-24.04Ubuntu
Fixed in:6.11.0-28.28~24.04.1USN-7605-1
linux-image-generic-lpaeUbuntu
Fixed in:6.8.0-84.84USN-7764-1
linux-image-gkeUbuntu
Fixed in:6.8.0-1036.40USN-7764-1
linux-image-gke-6.8Ubuntu
Fixed in:6.8.0-1036.40USN-7764-1
linux-image-gke-64kUbuntu
Fixed in:6.8.0-1036.40USN-7764-1
linux-image-gke-64k-6.8Ubuntu
Fixed in:6.8.0-1036.40USN-7764-1
linux-image-gkeopUbuntu
Fixed in:6.8.0-1023.25USN-7764-1
linux-image-gkeop-6.8Ubuntu
Fixed in:6.8.0-1023.25USN-7764-1
linux-image-ibmUbuntu
Fixed in:6.8.0-1037.37USN-7779-1
linux-image-ibm-6.8Ubuntu
Fixed in:6.8.0-1037.37~22.04.1USN-7779-1
Fixed in:6.8.0-1037.37USN-7779-1
linux-image-ibm-classicUbuntu
Fixed in:6.8.0-1037.37USN-7779-1
linux-image-ibm-lts-24.04Ubuntu
Fixed in:6.8.0-1037.37USN-7779-1
linux-image-kvmUbuntu
Fixed in:6.8.0-84.84USN-7764-1
linux-image-lowlatencyUbuntu
Fixed in:6.8.0-84.84.1USN-7764-1
linux-image-lowlatency-6.11Ubuntu
Fixed in:6.11.0-1015.16~24.04.2USN-7605-2
linux-image-lowlatency-6.8Ubuntu
Fixed in:6.8.0-84.84.1~22.04.1USN-7764-1
Fixed in:6.8.0-84.84.1USN-7764-1
linux-image-lowlatency-64kUbuntu
Fixed in:6.8.0-84.84.1USN-7764-1
linux-image-lowlatency-64k-6.11Ubuntu
Fixed in:6.11.0-1015.16~24.04.2USN-7605-2
linux-image-lowlatency-64k-6.8Ubuntu
Fixed in:6.8.0-84.84.1~22.04.1USN-7764-1
Fixed in:6.8.0-84.84.1USN-7764-1
linux-image-lowlatency-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-84.84.1~22.04.1USN-7764-1
linux-image-lowlatency-64k-hwe-24.04Ubuntu
Fixed in:6.11.0-1015.16~24.04.2USN-7605-2
linux-image-lowlatency-hwe-22.04Ubuntu
Fixed in:6.8.0-84.84.1~22.04.1USN-7764-1
linux-image-lowlatency-hwe-24.04Ubuntu
Fixed in:6.11.0-1015.16~24.04.2USN-7605-2
linux-image-nvidiaUbuntu
Fixed in:6.8.0-1039.42USN-7765-1
linux-image-nvidia-6.8Ubuntu
Fixed in:6.8.0-1039.42~22.04.1USN-7765-1
Fixed in:6.8.0-1039.42USN-7765-1
linux-image-nvidia-64kUbuntu
Fixed in:6.8.0-1039.42USN-7765-1
linux-image-nvidia-64k-6.8Ubuntu
Fixed in:6.8.0-1039.42~22.04.1USN-7765-1
Fixed in:6.8.0-1039.42USN-7765-1
linux-image-nvidia-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-1039.42~22.04.1USN-7765-1
linux-image-nvidia-hwe-22.04Ubuntu
Fixed in:6.8.0-1039.42~22.04.1USN-7765-1
linux-image-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1039.42.1USN-7765-1
linux-image-nvidia-lowlatency-6.8Ubuntu
Fixed in:6.8.0-1039.42.1USN-7765-1
linux-image-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1039.42.1USN-7765-1
linux-image-nvidia-lowlatency-64k-6.8Ubuntu
Fixed in:6.8.0-1039.42.1USN-7765-1
linux-image-oem-22.04Ubuntu
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
linux-image-oem-22.04aUbuntu
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
linux-image-oem-22.04bUbuntu
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
linux-image-oem-22.04cUbuntu
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
linux-image-oem-22.04dUbuntu
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
linux-image-oem-24.04bUbuntu
Fixed in:6.11.0-1024.24USN-7606-1
linux-image-oracleUbuntu
Fixed in:6.8.0-1037.38~22.04.1USN-7801-3
linux-image-oracle-6.8Ubuntu
Fixed in:6.8.0-1037.38~22.04.1USN-7801-3
Fixed in:6.8.0-1037.38USN-7801-2
linux-image-oracle-64kUbuntu
Fixed in:6.8.0-1037.38~22.04.1USN-7801-3
linux-image-oracle-64k-6.8Ubuntu
Fixed in:6.8.0-1037.38~22.04.1USN-7801-3
Fixed in:6.8.0-1037.38USN-7801-2
linux-image-oracle-64k-lts-24.04Ubuntu
Fixed in:6.8.0-1037.38USN-7801-2
linux-image-oracle-lts-24.04Ubuntu
Fixed in:6.8.0-1037.38USN-7801-2
linux-image-raspiUbuntu
Fixed in:6.8.0-1039.43USN-7790-1
linux-image-raspi-6.8Ubuntu
Fixed in:6.8.0-1039.43USN-7790-1
linux-image-raspi-realtimeUbuntu
Fixed in:6.8.0-2031.32USN-7800-1
linux-image-raspi-realtime-6.8Ubuntu
Fixed in:6.8.0-2031.32USN-7800-1
linux-image-realtimeUbuntu
Fixed in:6.8.1-1034.35USN-7767-1
linux-image-realtime-6.8.1Ubuntu
Fixed in:6.8.1-1034.35~22.04.1USN-7767-2
Fixed in:6.8.1-1034.35USN-7767-1
linux-image-realtime-hwe-22.04Ubuntu
Fixed in:6.8.1-1034.35~22.04.1USN-7767-2
linux-image-virtualUbuntu
Fixed in:6.8.0-84.84USN-7764-1
linux-image-virtual-6.8Ubuntu
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
Fixed in:6.8.0-84.84USN-7764-1
linux-image-virtual-hwe-22.04Ubuntu
Fixed in:6.8.0-84.84~22.04.1USN-7764-2
Fixed in:6.8.0-85.85~22.04.1USN-7801-1
linux-image-virtual-hwe-24.04Ubuntu
Fixed in:6.11.0-28.28~24.04.1USN-7605-1
linux-lowlatencyUbuntu
Fixed in:6.8.0-84.84.1USN-7764-1
linux-lowlatency-hwe-6.11Ubuntu
Fixed in:6.11.0-1015.16~24.04.2USN-7605-2
linux-lowlatency-hwe-6.8Ubuntu
Fixed in:6.8.0-84.84.1~22.04.1USN-7764-1
linux-nvidiaUbuntu
Fixed in:6.8.0-1039.42USN-7765-1
linux-nvidia-6.8Ubuntu
Fixed in:6.8.0-1039.42~22.04.1USN-7765-1
linux-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1039.42.1USN-7765-1
linux-oem-6.11Ubuntu
Fixed in:6.11.0-1024.24USN-7606-1
linux-oracleUbuntu
Fixed in:6.8.0-1037.38USN-7801-2
linux-oracle-6.8Ubuntu
Fixed in:6.8.0-1037.38~22.04.1USN-7801-3
linux-raspiUbuntu
Fixed in:6.8.0-1039.43USN-7790-1
linux-raspi-realtimeUbuntu
Fixed in:6.8.0-2031.32USN-7800-1
linux-realtimeUbuntu
Fixed in:6.8.1-1034.35USN-7767-1
linux-realtime-6.8Ubuntu
Fixed in:6.8.1-1034.35~22.04.1USN-7767-2

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.14%probability of exploitation in 30 days
4thpercentile

Low risk: more likely to be exploited than 4% of all known CVEs.

References

Related Vulnerabilities

Other CWE-667 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2019-10072High7.573%-Fix
CVE-2002-1850High7.517%-Fix
CVE-2009-2699High7.514%-Fix
CVE-2004-0174High7.512%--
CVE-2009-4272High7.511%--
CVE-2020-24606High8.65.2%-Fix
Embed a live status badge for CVE-2025-21986
CVE-2025-21986 severity badge

Markdown

[![CVE-2025-21986](https://tridentstack.com/cve/badge/CVE-2025-21986.svg)](https://tridentstack.com/cve/CVE-2025-21986)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-21986"><img src="https://tridentstack.com/cve/badge/CVE-2025-21986.svg" alt="CVE-2025-21986"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-11-03.