CVE-2025-21692

7.8 HIGH

📋 TL;DR

This CVE describes an out-of-bounds array indexing vulnerability in the Linux kernel's Enhanced Transmission Selection (ETS) queuing discipline. When passed a class ID of 0, the ets_class_from_arg() function can access memory outside the bounds of the ets_class array, potentially leading to local privilege escalation. This affects Linux systems using the ETS qdisc for traffic control.
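Added example, not taken from the advisory or the kernel source: a simplified userspace C model of the lookup described above, showing why a class ID of 0 falls outside the array and what a bounds-checked lookup looks like. It assumes class IDs are 1-based and map to 0-based array slots; the names `sched`, `band_class`, `unchecked_index`, `class_from_arg` and `set_quantum`, and the array size, are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_BANDS 16                    /* constructed array size for this model */

struct band_class { unsigned int quantum; };

struct sched {
    unsigned int nbands;                /* bands actually configured */
    struct band_class classes[MAX_BANDS];
};

static struct sched demo = { .nbands = 4 };   /* constructed sample qdisc */

/* Slot an unchecked lookup would use. Class IDs are 1-based, so the slot
 * is arg - 1; for arg == 0 the unsigned subtraction wraps to a huge index.
 * The index is returned, not dereferenced, so the model stays defined. */
static size_t unchecked_index(unsigned long arg)
{
    return (size_t)(arg - 1);
}

/* Hardened lookup: reject 0 and anything beyond the configured bands. */
static struct band_class *class_from_arg(struct sched *q, unsigned long arg)
{
    if (arg == 0 || arg > q->nbands)
        return NULL;
    return &q->classes[arg - 1];
}

/* Caller pattern: a NULL class is an error, never a pointer to write through. */
static int set_quantum(unsigned long arg, unsigned int quantum)
{
    struct band_class *cl = class_from_arg(&demo, arg);
    if (!cl)
        return -1;
    cl->quantum = quantum;
    return 0;
}

int main(void)
{
    unsigned long ids[] = { 0, 1, 4, 5 };

    for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++)
        printf("classid %lu: unchecked slot %zu, checked lookup %s\n", ids[i],
               unchecked_index(ids[i]), set_quantum(ids[i], 1500) ? "rejected" : "ok");
    return 0;
}
```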

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Kernel versions with ETS qdisc support up to the patched versions
Operating Systems: All Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ETS qdisc is configured and used. Most systems don't use ETS by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation allowing an unprivileged user to gain root access on the system, potentially leading to full system compromise.

🟠

Likely Case

Kernel panic or system crash causing denial of service, with potential for limited privilege escalation depending on memory layout.

🟢

If Mitigated

System remains stable with no impact if the vulnerable code path is not triggered or if proper kernel hardening is in place.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system.
🏢 Internal Only: MEDIUM - Internal users with shell access could potentially exploit this to escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of kernel memory layout. The provided stack trace shows a proof-of-concept triggering the OOB access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in kernel commits: 03c56665dab1f4ac844bc156652d50d639093fa5, 1332c6ed446be787f901ed1064ec6a3c694f028a, 997f6ec4208b23c87daf9f044689685f091826f7, bcf0d815e728a3a304b50455b32a3170c16e1eaa, d62b04fca4340a0d468d7853bd66e511935a18cb

Vendor Advisory: https://git.kernel.org/stable/c/03c56665dab1f4ac844bc156652d50d639093fa5

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution.
2. Reboot the system to load the new kernel.
3. Verify the fix is applied by checking kernel version.

🔧 Temporary Workarounds

Disable ETS qdisc

all

Remove or disable ETS queuing discipline configurations if not needed

tc qdisc del dev <interface> root ets
Remove any ETS configurations from /etc/network/interfaces or network manager

🧯 If You Can't Patch

  • Restrict user access to systems where ETS is configured
  • Implement strict access controls and monitoring for systems using ETS qdisc

🔍 How to Verify

Check if Vulnerable:

Check if ETS qdisc is configured: tc qdisc show | grep ets

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from your distribution's security advisory

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing 'UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c'
  • System crashes or kernel panics related to ETS operations

Network Indicators:

  • Unusual traffic control configuration changes

SIEM Query:

source="kernel" AND "sch_ets.c" AND "array-index-out-of-bounds"
