CVE-2025-21674
📋 TL;DR
This CVE describes a lock inversion vulnerability in the Linux kernel's mlx5e driver when enabling IPsec tunnel mode offload. It can cause kernel panics and system crashes, affecting systems using Mellanox network adapters with IPsec offload enabled in debug kernels. The vulnerability is triggered during IPsec security association (SA) operations.
💻 Affected Systems
- Linux kernel mlx5e driver for Mellanox network adapters
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, potentially disrupting network connectivity and services.
Likely Case
System instability or crashes when IPsec tunnel mode offload is enabled, particularly in debug kernel configurations.
If Mitigated
No impact if IPsec offload is disabled or if not using Mellanox adapters with affected driver versions.
🎯 Exploit Status
Exploitation requires ability to trigger IPsec SA operations on affected systems. The vulnerability is a race condition/lock inversion issue rather than a traditional memory corruption vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 2c3688090f8a1f085230aa839cc63e4a7b977df0, 6d3d69c070d920fbb146d73dd3899a50f25d0901, 87c4417a902151cfe4363166245a3671a08c256c applied
Vendor Advisory: https://git.kernel.org/stable/c/2c3688090f8a1f085230aa839cc63e4a7b977df0
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fixes.
2. For distributions: Apply kernel updates from your vendor.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable IPsec offload
Linux: Disable IPsec packet offload functionality to prevent triggering the vulnerability
ethtool -K <interface> rx-udp_tunnel-port-offload off
ethtool -K <interface> tx-udp_tunnel-port-offload off
Disable debug kernel features
Linux: Use production kernel configuration without debug features if possible
🧯 If You Can't Patch
- Disable IPsec tunnel mode offload on Mellanox interfaces
- Monitor systems for kernel panic logs and implement high availability/failover
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mlx5e driver is loaded with IPsec offload enabled: 'uname -r' and 'ethtool -k <mlx5_interface> | grep udp_tunnel'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits and test IPsec tunnel mode functionality
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning mlx5e_xfrm_del_state or lock inversion warnings
- Soft lockup or deadlock detection in kernel logs
- IPsec connection failures in system logs
Network Indicators:
- IPsec tunnel establishment failures
- Network connectivity loss on systems using IPsec offload
SIEM Query:
source="kernel" AND ("mlx5e_xfrm" OR "lock inversion" OR "SOFTIRQ-safe -> SOFTIRQ-unsafe")
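
The SIEM query above ORs its terms, so it fires on any line that mentions mlx5e_xfrm or any lock warning on its own. The following added example (not part of the original advisory or the kernel project) reports only warnings that are followed by an mlx5e_xfrm symbol within a short time window. The sample log lines are constructed, and the 5-second window and function names are assumptions.

```python
import re

# Warning strings from the page's Log Indicators and SIEM query.
WARN_RE = re.compile(
    r"SOFTIRQ-safe -> SOFTIRQ-unsafe|lock inversion|soft lockup|kernel panic", re.I)
# Driver symbols named on the page (mlx5e_xfrm_del_state, mlx5e_xfrm prefix).
DRIVER_RE = re.compile(r"\bmlx5e_xfrm\w*")
# dmesg-style timestamp, e.g. "[  245.120010]".
TS_RE = re.compile(r"\[\s*(\d+\.\d+)\]")

# Constructed sample kernel log (illustrative only, not from a real system).
SAMPLE_LOG = """\
[  101.000001] mlx5_core 0000:08:00.0 eth2: Link up
[  245.120010] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  245.120450] charon/1337 [HC0[0]:SC0[4]:HE1:SE0] is trying to acquire:
[  245.121900]  mlx5e_xfrm_add_state+0xca9/0x24c0 [mlx5_core]
[  245.122300]  mlx5e_xfrm_del_state+0x5e/0x1a0 [mlx5_core]
[  900.500000] watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [kworker/3:1:77]
[  900.500900]  nfs_commit_inode+0x10/0x40 [nfs]
""".splitlines()

def correlate(lines, window=5.0):
    """Return warnings that have an mlx5e_xfrm symbol within `window` seconds."""
    findings, current = [], None
    for line in lines:
        m = TS_RE.search(line)
        if not m:
            continue  # no timestamp, cannot place the line in time
        ts = float(m.group(1))
        if current and ts - current["start"] > window:
            current = None  # the previous warning's report has ended
        if current is None and WARN_RE.search(line):
            current = {"start": ts, "warning": line.strip(), "symbols": []}
        sym = DRIVER_RE.search(line)
        if current is not None and sym:
            if not current["symbols"]:
                findings.append(current)  # first driver frame confirms the hit
            if sym.group(0) not in current["symbols"]:
                current["symbols"].append(sym.group(0))
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f["start"], f["symbols"], f["warning"])
```

On the constructed sample, the lockdep warning at 245 s is reported with both driver symbols, while the unrelated soft lockup at 900 s is not.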