CVE-2025-21647
📋 TL;DR
A Linux kernel vulnerability in the CAKE scheduler (sch_cake) allows underflow of per-host bulk flow counters, leading to out-of-bounds memory access. This could potentially cause kernel crashes or local privilege escalation. Affects Linux systems using the CAKE QoS scheduler.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash or local privilege escalation allowing attackers to gain root access.
Likely Case
Kernel crash causing system instability or denial of service on affected systems.
If Mitigated
No impact if CAKE scheduler is not enabled or system is patched.
🎯 Exploit Status
Requires local access to trigger specific network conditions or manipulate CAKE scheduler behavior. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 27202e2e8721c3b23831563c36ed5ac7818641ba and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/27202e2e8721c3b23831563c36ed5ac7818641ba
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable CAKE scheduler
allRemove or disable CAKE QoS scheduler configuration if not required
# Check if CAKE is in use: tc qdisc show
# Remove CAKE qdisc: tc qdisc del dev <interface> root cake
# Or modify network configuration to use different scheduler
🧯 If You Can't Patch
- Disable CAKE scheduler on all network interfaces
- Implement network segmentation to limit potential attack surface
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if CAKE scheduler is configured: uname -r && tc qdisc show | grep cakeCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and CAKE is either disabled or patched📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Ooops messages in dmesg
- System crash reports
Network Indicators:
- Unusual network behavior when CAKE is enabled
- Interface resets
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "general protection fault") AND process="sch_cake"🔗 References
- https://git.kernel.org/stable/c/27202e2e8721c3b23831563c36ed5ac7818641ba
- https://git.kernel.org/stable/c/44fe1efb4961c1a5ccab16bb579dfc6b308ad58b
- https://git.kernel.org/stable/c/737d4d91d35b5f7fa5bb442651472277318b0bfd
- https://git.kernel.org/stable/c/91bb18950b88f955838ec0c1d97f74d135756dc7
- https://git.kernel.org/stable/c/a777e06dfc72bed73c05dcb437d7c27ad5f90f3f
- https://git.kernel.org/stable/c/b1a1743aaa4906c41c426eda97e2e2586f79246d
- https://git.kernel.org/stable/c/bb0245fa72b783cb23a9949c5048781341e91423
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
