CVE-2025-21683
📋 TL;DR
A memory leak vulnerability in the Linux kernel's BPF subsystem allows unprivileged local users to cause denial of service by exhausting kernel memory. The issue occurs when bpf_sk_select_reuseport() fails to properly release socket references in error paths, leading to kernel memory exhaustion over time. This affects Linux systems with BPF socket reuseport functionality enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →
⚠️ Risk & Real-World Impact
Worst Case
Local unprivileged attacker causes kernel memory exhaustion leading to system instability, crashes, or denial of service affecting all users and services.
Likely Case
Local user or misconfigured application gradually consumes kernel memory, eventually causing performance degradation or system instability.
If Mitigated
With proper memory limits and monitoring, impact is limited to performance degradation of affected processes.
🎯 Exploit Status
Requires local access and ability to create BPF programs with socket reuseport functionality. Exploitation requires specific conditions to trigger the error paths.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing fixes from git commits: 0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf, b02e70be498b138e9c21701c2f33f4018ca7cd5e, b3af60928ab9129befa65e6df0310d27300942bf, bb36838dac7bb334a3f3d7eb29875593ec9473fc, cccd51dd22574216e64e5d205489e634f86999f3
Vendor Advisory: https://git.kernel.org/stable/c/0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Check with your distribution vendor for specific patched kernel versions.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable unprivileged BPF
Prevent unprivileged use of the vulnerable functionality by turning off unprivileged bpf(). There is no sysctl that disables socket reuseport BPF on its own, and net.core.bpf_jit_enable only controls the JIT compiler (programs still run interpreted), so it does not mitigate this issue. Value 1 cannot be reverted until reboot; value 2 can be set back to 0 later.
sysctl -w kernel.unprivileged_bpf_disabled=1
echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled
Restrict BPF capabilities
Use Linux capabilities or SELinux/AppArmor to restrict unprivileged BPF usage
setcap cap_bpf=ep /path/to/application
Or configure SELinux/AppArmor policies to restrict bpf() syscall
🧯 If You Can't Patch
- Implement strict memory limits using cgroups to contain memory exhaustion
- Monitor kernel memory usage and restart affected services if abnormal consumption detected
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether BPF socket reuseport is in use. A system is vulnerable if it runs an affected kernel version and BPF socket reuseport functionality is in use.
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel includes the fix commits: run 'uname -r' and compare the result against the patched kernel versions published by your distribution.
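The following script is an added example, not part of this advisory, that turns the "Temporary Workarounds" and "How to Verify" sections into repeatable checks. It assumes three things the page does not state: the patched release number is supplied by the operator (the page lists fix commits, not fixed versions), the sysctl that blocks unprivileged bpf() is kernel.unprivileged_bpf_disabled (1 or 2 means blocked), and `bpftool prog show` prints one program per line as `<id>: <type> ...`. File paths are parameters so that saved copies of the sysctl file or bpftool output can be checked offline.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a host for CVE-2025-21683
# exposure. Assumptions, not stated on the page: patched release is passed
# in by the operator; kernel.unprivileged_bpf_disabled = 1 or 2 blocks
# unprivileged bpf(); "bpftool prog show" lines look like "<id>: <type> ...".

# kernel_at_least RELEASE MINIMUM
# Succeeds when the numeric prefix of RELEASE (e.g. "6.12.11-amd64") is
# >= MINIMUM (e.g. "6.12.11"), comparing each dotted field numerically.
# Distribution kernels backport fixes without bumping the upstream number,
# so treat a "below" result as "ask the vendor", not as proof of exposure.
kernel_at_least() {
    have=$(printf '%s' "$1" | sed -E 's/^([0-9]+(\.[0-9]+)*).*/\1/')
    want=$2
    i=1
    while :; do
        h=$(printf '%s' "$have" | awk -F. -v i="$i" '{print $i}')
        w=$(printf '%s' "$want" | awk -F. -v i="$i" '{print $i}')
        [ -z "$h" ] && [ -z "$w" ] && return 0   # every field compared equal
        h=${h:-0}
        w=${w:-0}
        [ "$h" -gt "$w" ] && return 0
        [ "$h" -lt "$w" ] && return 1
        i=$((i + 1))
    done
}

# unprivileged_bpf_state [PATH]
# Prints "restricted" (sysctl is 1 or 2), "open" (0) or "unknown" (unreadable).
unprivileged_bpf_state() {
    path=${1:-/proc/sys/kernel/unprivileged_bpf_disabled}
    val=$(cat "$path" 2>/dev/null) || { echo unknown; return 0; }
    case "$val" in
        1|2) echo restricted ;;
        0)   echo open ;;
        *)   echo unknown ;;
    esac
}

# count_reuseport_progs FILE
# Counts loaded sk_reuseport programs in saved "bpftool prog show" output;
# a non-zero count means the vulnerable functionality is actually in use.
count_reuseport_progs() {
    n=$(grep -cE '^[0-9]+: sk_reuseport' "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# report MINIMUM_RELEASE: run the live checks on this host.
report() {
    rel=$(uname -r)
    echo "kernel release: $rel"
    if kernel_at_least "$rel" "$1"; then
        echo "version check: at or above $1"
    else
        echo "version check: below $1 (vulnerable unless your distribution backported the fix)"
    fi
    echo "unprivileged bpf(): $(unprivileged_bpf_state)"
    if command -v bpftool >/dev/null 2>&1; then
        tmp=$(mktemp)
        bpftool prog show >"$tmp" 2>/dev/null || true
        echo "loaded sk_reuseport programs: $(count_reuseport_progs "$tmp")"
        rm -f "$tmp"
    else
        echo "loaded sk_reuseport programs: bpftool not installed, cannot tell"
    fi
}

# Usage: PATCHED_RELEASE=<version from your distribution> sh bpf_audit.sh
if [ -n "${PATCHED_RELEASE:-}" ]; then
    report "$PATCHED_RELEASE"
fi
```

The version comparison is deliberately the weakest of the three checks: on Debian, RHEL or SUSE kernels the upstream number says little, which is why the advisory's own instruction is to compare against your distribution's patched versions. The sysctl and bpftool checks answer the more useful question of whether an unprivileged user could load BPF at all and whether any sk_reuseport program is currently loaded.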
📡 Detection & Monitoring
Log Indicators:
- Kernel OOM (Out of Memory) messages in dmesg
- Abnormal memory consumption by kernel processes
- System instability or crashes
Network Indicators:
- None - this is a local memory leak vulnerability
SIEM Query:
Search for: 'Out of memory: Kill process' OR 'kernel: Memory cgroup out of memory' in system logs
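As an added example that is not part of this advisory, the script below runs the log indicators listed above over dmesg or journal text and adds one earlier-warning check of my own: a leak of kernel socket memory shows up as steadily growing unreclaimable slab (SUnreclaim in /proc/meminfo) well before the OOM killer fires, and because the OOM killer only kills user processes, the leaked memory never returns and the kills repeat. The sample log lines and meminfo snapshots are constructed for the example; the process names and numbers in them are not real data. It also matches the newer "Out of memory: Killed process" wording alongside the advisory's "Kill process" string, on the assumption that recent kernels changed the message.

```shell
#!/bin/sh
# Added example (not from the advisory): run the "Detection & Monitoring"
# log indicators over saved log text, and compare two /proc/meminfo
# snapshots for unreclaimable-slab growth (my own added check, an
# assumption about how a kernel-side leak presents, not from the page).

# scan_oom_indicators FILE
# Prints the lines matching the advisory's SIEM terms; both the older
# "Kill process" and newer "Killed process" wording are matched.
scan_oom_indicators() {
    grep -E 'Out of memory: Kill(ed)? process|Memory cgroup out of memory' "$1" || true
}

# oom_indicator_count FILE: number of matching lines (0 when none).
oom_indicator_count() {
    n=$(scan_oom_indicators "$1" | grep -c .) || true
    echo "${n:-0}"
}

# oom_killed_names FILE
# Ranks killed process names, most frequent first: a service that keeps
# being killed while free memory never recovers is the pattern to look for.
oom_killed_names() {
    scan_oom_indicators "$1" \
        | sed -nE 's/.*Kill(ed)? process [0-9]+ \(([^)]*)\).*/\2/p' \
        | sort | uniq -c | sort -rn
}

# sunreclaim_kb MEMINFO_FILE: unreclaimable slab in kB from /proc/meminfo text.
sunreclaim_kb() {
    awk '/^SUnreclaim:/ { print $2 }' "$1"
}

# slab_growth_alert BEFORE_MEMINFO AFTER_MEMINFO THRESHOLD_KB
# Succeeds when SUnreclaim grew by more than THRESHOLD_KB between snapshots.
slab_growth_alert() {
    before=$(sunreclaim_kb "$1")
    after=$(sunreclaim_kb "$2")
    [ $((after - before)) -gt "$3" ]
}

# Constructed sample log (not real output): two "Killed process" lines in
# dmesg and syslog format, one old-style "Kill process" line, two unrelated.
sample_log() {
    cat <<'EOF'
[ 1234.567890] Out of memory: Killed process 4242 (reuseport_svc) total-vm:204800kB, anon-rss:81920kB, file-rss:0kB, shmem-rss:0kB, UID:1000 pgtables:200kB oom_score_adj:0
[ 1234.570000] systemd[1]: reuseport_svc.service: Main process exited, code=killed, status=9/KILL
Mar  3 10:15:02 host kernel: Memory cgroup out of memory: Killed process 4310 (reuseport_svc) total-vm:204800kB, anon-rss:81920kB, file-rss:0kB, shmem-rss:0kB, UID:1000 pgtables:200kB oom_score_adj:0
Mar  3 10:15:09 host kernel: Out of memory: Kill process 4350 (postgres) score 512 or sacrifice child
Mar  3 10:15:10 host sshd[2001]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
EOF
}

# Constructed /proc/meminfo snapshots (not real), taken some time apart.
sample_meminfo_before() { printf 'MemTotal:        8000000 kB\nSUnreclaim:       120000 kB\n'; }
sample_meminfo_after()  { printf 'MemTotal:        8000000 kB\nSUnreclaim:       910000 kB\n'; }

demo() {
    log=$(mktemp); b=$(mktemp); a=$(mktemp)
    sample_log >"$log"; sample_meminfo_before >"$b"; sample_meminfo_after >"$a"
    echo "OOM indicator lines: $(oom_indicator_count "$log")"
    echo "killed processes:"; oom_killed_names "$log"
    if slab_growth_alert "$b" "$a" 500000; then
        echo "ALERT: unreclaimable slab grew by $(( $(sunreclaim_kb "$a") - $(sunreclaim_kb "$b") )) kB"
    fi
    rm -f "$log" "$b" "$a"
}

# Run on the constructed sample: sh detect_oom.sh demo
# For real data: journalctl -k > kern.log; oom_killed_names kern.log
if [ "${1:-}" = "demo" ]; then
    demo
fi
```

For real monitoring, capture `grep SUnreclaim /proc/meminfo` on a timer and feed consecutive snapshots to slab_growth_alert; the threshold should sit above the normal churn of the host, which is why it is a parameter rather than a constant.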
🔗 References
- https://git.kernel.org/stable/c/0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf
- https://git.kernel.org/stable/c/b02e70be498b138e9c21701c2f33f4018ca7cd5e
- https://git.kernel.org/stable/c/b3af60928ab9129befa65e6df0310d27300942bf
- https://git.kernel.org/stable/c/bb36838dac7bb334a3f3d7eb29875593ec9473fc
- https://git.kernel.org/stable/c/cccd51dd22574216e64e5d205489e634f86999f3
- https://git.kernel.org/stable/c/d0a3b3d1176d39218b8edb2a2d03164942ab9ccd
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html