CVE-2025-21690
📋 TL;DR
A vulnerability in the Linux kernel's storvsc SCSI driver allows hypervisor errors to trigger excessive warning logs, consuming CPU resources and causing denial of service within virtual machines. This affects Linux systems using Hyper-V virtualization with the storvsc driver. The issue is triggered by persistent hypervisor errors rather than direct external exploitation.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Complete VM unresponsiveness due to CPU exhaustion from log flooding, preventing troubleshooting and requiring VM restart from hypervisor level.
Likely Case
Performance degradation and potential service disruption within affected VMs when hypervisor storage errors occur.
If Mitigated
Minimal impact with ratelimited logs allowing continued VM operation and troubleshooting capability.
🎯 Exploit Status
Exploitation requires hypervisor-level access to trigger persistent storage errors, making it more of a reliability issue than traditional security vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 01d1ebdab9ccb73c952e1666a8a80abd194dbc55, 088bde862f8d3d0fc52e40e66a0484a246837087, 182a4b7c731e95c08cb47f14b87a272b6ab2b2da, 81d4dd05c412ba04f9f6b85b718e6da833be290c, d0f0af1bafef33b3e2aa8c3a4ef44db48df9b0ea
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable storvsc driver logging
linuxReduce logging verbosity for storvsc driver to prevent log flooding
echo 'module storvsc +p' > /sys/kernel/debug/dynamic_debug/control
🧯 If You Can't Patch
- Monitor hypervisor storage health to prevent persistent errors
- Implement VM resource monitoring and alerting for CPU spikes from kernel logging
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if storvsc module is loaded: lsmod | grep storvsc && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check git commit history for the fix commits📡 Detection & Monitoring
Log Indicators:
- Excessive 'storvsc' warning messages in kernel logs (dmesg)
- High CPU usage by kernel logging processes
Network Indicators:
- None - this is a local VM issue
SIEM Query:
source="kernel" AND "storvsc" AND ("warning" OR "error") | stats count by host🔗 References
- https://git.kernel.org/stable/c/01d1ebdab9ccb73c952e1666a8a80abd194dbc55
- https://git.kernel.org/stable/c/088bde862f8d3d0fc52e40e66a0484a246837087
- https://git.kernel.org/stable/c/182a4b7c731e95c08cb47f14b87a272b6ab2b2da
- https://git.kernel.org/stable/c/81d4dd05c412ba04f9f6b85b718e6da833be290c
- https://git.kernel.org/stable/c/d0f0af1bafef33b3e2aa8c3a4ef44db48df9b0ea
- https://git.kernel.org/stable/c/d2138eab8cde61e0e6f62d0713e45202e8457d6d
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
