Login Sign Up

CVE-2025-21640

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's SCTP subsystem. When the kernel accesses current->nsproxy (which can be NULL during process exit), it can cause a kernel panic or system crash. This affects all Linux systems with SCTP enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches are available in stable kernel trees.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if SCTP (Stream Control Transmission Protocol) is enabled in kernel configuration. Many distributions don't enable SCTP by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing system instability or downtime.

🟠

Likely Case

System crash or kernel panic when specific conditions trigger the NULL pointer dereference, resulting in denial of service.

🟢

If Mitigated

Minimal impact if SCTP is disabled or systems are properly patched.

🌐 Internet-Facing: MEDIUM - Requires SCTP to be enabled and accessible, which is less common than TCP/UDP.
🏢 Internal Only: MEDIUM - Same technical risk internally, but may be harder to trigger without specific SCTP usage.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the specific code path during process exit. Discovered by syzbot fuzzer using acct(2) system call.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel commits available (see references in CVE description)

Vendor Advisory: https://git.kernel.org/stable/c/03ca51faba2b017bf6c90e139434c4117d0afcdc

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable SCTP kernel module

linux

Prevent loading of SCTP kernel module to avoid vulnerability

echo 'install sctp /bin/true' >> /etc/modprobe.d/disable-sctp.conf
rmmod sctp 2>/dev/null || true

Block SCTP at firewall

linux

Prevent SCTP network traffic from reaching vulnerable systems

iptables -A INPUT -p sctp -j DROP
iptables -A OUTPUT -p sctp -j DROP

🧯 If You Can't Patch

  • Disable SCTP functionality in kernel configuration if possible
  • Implement strict network segmentation to limit SCTP traffic exposure

🔍 How to Verify

Check if Vulnerable:

Check if SCTP module is loaded: lsmod | grep sctp. If loaded and kernel is unpatched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from your distribution vendor. Verify SCTP functionality still works if needed.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • System crash/reboot events
  • NULL pointer dereference errors in kernel logs

Network Indicators:

  • SCTP protocol traffic to/from affected systems
  • Unexpected SCTP connection attempts

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "Oops") AND "sctp"

📊 Metadata

CVE ID: CVE-2025-21640
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
EPSS Score: 0.05% exploit probability (16.6th percentile)
Published: January 19, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21640, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2019-20914 9.8

This vulnerability in GNU LibreDWG is a NULL pointer dereference that can cause application crashes ...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)