CVE-2025-21687

7.8 HIGH

📋 TL;DR

This CVE is a Linux kernel vulnerability in the vfio/platform driver where user-supplied count and offset parameters in read/write syscalls are not properly bounds-checked. Attackers can exploit this to read or write out of bounds of the device memory, potentially accessing sensitive kernel data or causing system instability. Systems using the vfio/platform driver with untrusted userspace access are affected.
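The missing check described above, as a user-space C model added here for illustration (not the kernel's code): `struct region`, the function names and the 16-byte sample region are assumptions. It contrasts a copy that trusts the caller's offset and count with one that rejects out-of-range offsets and clamps the count.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical user-space stand-in for one device region. */
struct region {
    uint8_t *base;  /* start of the region */
    size_t   size;  /* region length in bytes */
};

/* Unchecked shape of the bug, shown for contrast and never called here:
 * off and count go straight from the caller into the copy. */
ssize_t region_read_unchecked(const struct region *r, uint8_t *dst,
                              size_t count, uint64_t off)
{
    memcpy(dst, r->base + off, count);  /* can run past r->size */
    return (ssize_t)count;
}

/* Checked form: reject an offset outside the region first, then clamp
 * count to the bytes that remain. Testing off before subtracting keeps
 * r->size - off from wrapping around. */
ssize_t region_read_checked(const struct region *r, uint8_t *dst,
                            size_t count, uint64_t off)
{
    if (off >= r->size)
        return -EINVAL;
    if (count > r->size - (size_t)off)
        count = r->size - (size_t)off;
    memcpy(dst, r->base + off, count);
    return (ssize_t)count;
}

/* Constructed sample: a 16-byte region read through the checked path. */
ssize_t demo_read(uint64_t off, size_t count)
{
    static uint8_t mem[16];
    uint8_t out[sizeof mem];
    struct region r = { mem, sizeof mem };

    return region_read_checked(&r, out, count, off);
}

int main(void)
{
    /* Oversized count at offset 4 is clamped to the 12 remaining bytes. */
    return demo_read(4, 100) == 12 ? 0 : 1;
}
```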

💻 Affected Systems

Products:
  • Linux kernel
Versions: Versions before the fix commits listed in references
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if vfio/platform driver is loaded and users have access to vfio devices. Requires CAP_SYS_ADMIN or appropriate device permissions.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory corruption leading to privilege escalation, system crash, or information disclosure of sensitive kernel data.

🟠

Likely Case

Information disclosure of kernel memory contents or denial of service through system instability.

🟢

If Mitigated

Limited impact if proper access controls restrict vfio device access to trusted users only.

🌐 Internet-Facing: LOW - Requires local access to the system and vfio device permissions.
🏢 Internal Only: MEDIUM - Local attackers with vfio device access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and vfio device permissions. Exploitation involves crafting malicious syscalls with out-of-bounds parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits: 1485932496a1b025235af8aa1e21988d6b7ccd54, 665cfd1083866f87301bbd232cb8ba48dcf4acce, 6bcb8a5b70b80143db9bf12dfa7d53636f824d53, 92340e6c5122d823ad064984ef7513eba9204048, 9377cdc118cf327248f1a9dde7b87de067681dc9

Vendor Advisory: https://git.kernel.org/stable/c/1485932496a1b025235af8aa1e21988d6b7ccd54

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Restrict vfio device access

all

Limit vfio device access to trusted users only by removing unnecessary permissions.

chmod 600 /dev/vfio/*
setfacl -m u:trusteduser:rw /dev/vfio/*

Unload vfio/platform module

all

Remove the vulnerable driver if not needed.

rmmod vfio_platform

🧯 If You Can't Patch

  • Restrict vfio device permissions to minimal required users only
  • Monitor system logs for unusual vfio device access patterns

🔍 How to Verify

Check if Vulnerable:

Check if vfio_platform module is loaded: lsmod | grep vfio_platform. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Confirm with uname -r that the running kernel is a release that includes the fix commits. Check that the vfio_platform module loads without errors.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops or panic messages related to vfio
  • Audit logs showing unusual vfio device access patterns

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("vfio" OR "platform") AND ("oops" OR "panic" OR "segfault")

🔗 References
