CVE-2025-21653
📋 TL;DR
A Linux kernel vulnerability in the net_sched subsystem allows a user-supplied right-shift amount to be applied to 32-bit integers without validation, which can trigger undefined behavior. It affects systems that use the cls_flow classifier for traffic control. The vulnerability could lead to kernel instability or denial of service.
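The defect is a shift amount taken from a traffic-control attribute and applied to a 32-bit integer without a range check. As an added example that is not kernel code (function and constant names are hypothetical), this C snippet shows the validation such a classifier needs and why the unchecked form is what UBSAN reports as shift-out-of-bounds:

```c
/* Added example, not the kernel's cls_flow code: validate a user-supplied
 * right-shift amount before applying it to a 32-bit key. Names are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FLOW_KEY_BITS 32u   /* cls_flow keys are 32-bit values */

/* Returns 0 if rshift is a legal shift for a 32-bit key, -EINVAL otherwise.
 * In C, shifting a 32-bit value by 32 or more is undefined behavior; a
 * UBSAN-instrumented kernel reports it as "shift-out-of-bounds". */
int flow_validate_rshift(uint32_t rshift)
{
    return rshift < FLOW_KEY_BITS ? 0 : -EINVAL;
}

/* Hardened key reduction: apply rshift only after validating it.
 * The unchecked form, key >> rshift with rshift taken straight from the
 * configuration attribute, is the defect this CVE describes. */
int flow_apply_rshift(uint32_t key, uint32_t rshift, uint32_t *out)
{
    int err = flow_validate_rshift(rshift);
    if (err)
        return err;          /* reject the rule; *out is left untouched */
    *out = key >> rshift;
    return 0;
}

int main(void)
{
    /* Constructed inputs: one valid shift and two out-of-range shifts. */
    uint32_t shifts[] = { 31u, 32u, 40u };
    for (size_t i = 0; i < sizeof shifts / sizeof shifts[0]; i++) {
        uint32_t out = 0;
        int err = flow_apply_rshift(0x80000000u, shifts[i], &out);
        if (err)
            printf("rshift=%u rejected (err=%d)\n", shifts[i], err);
        else
            printf("rshift=%u accepted, key reduced to %u\n", shifts[i], out);
    }
    return 0;
}
```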
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to undefined shift behavior, causing denial of service.
Likely Case
Kernel instability, potential crashes, or unpredictable network behavior when cls_flow classifier processes malformed traffic control rules.
If Mitigated
Minimal impact if cls_flow classifier is not used or proper input validation is enforced.
🎯 Exploit Status
Exploitation requires ability to configure traffic control rules via netlink (typically requires root or CAP_NET_ADMIN). Found via syzkaller fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel mainline and backported to stable branches (commits listed in references)
Vendor Advisory: https://git.kernel.org/stable/c/2011749ca96460386844dfc7e0fde53ebee96f3c
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version.
2. Check distribution-specific advisories.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable cls_flow classifier
Remove or avoid using the cls_flow traffic control classifier:
tc filter del dev <interface> parent <handle>
Remove cls_flow rules from configuration.
🧯 If You Can't Patch
- Restrict netlink access to prevent unauthorized traffic control rule modifications
- Monitor for unusual traffic control configuration changes
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the cls_flow classifier is configured: uname -r and tc filter show
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version includes the fix commit or is newer than the patched versions listed in your distribution's advisory.
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'shift-out-of-bounds' or UBSAN warnings
- System crashes or instability when using traffic control
Network Indicators:
- Unusual traffic control rule modifications
- Network performance issues after tc configuration changes
SIEM Query:
(kernel: *shift-out-of-bounds* OR kernel: *UBSAN*) AND cls_flow
🔗 References
- https://git.kernel.org/stable/c/2011749ca96460386844dfc7e0fde53ebee96f3c
- https://git.kernel.org/stable/c/43658e4a5f2770ad94e93362885ff51c10cf3179
- https://git.kernel.org/stable/c/6fde663f7321418996645ee602a473457640542f
- https://git.kernel.org/stable/c/9858f4afeb2e59506e714176bd3e135539a3eeec
- https://git.kernel.org/stable/c/a039e54397c6a75b713b9ce7894a62e06956aa92
- https://git.kernel.org/stable/c/a313d6e6d5f3a631cae5a241c392c28868aa5c5e
- https://git.kernel.org/stable/c/e54beb9aed2a90dddf4c5d68fcfc9a01f3e40a61
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html