CVE-2025-21704
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's USB CDC-ACM driver allows attackers to corrupt kernel memory when processing fragmented USB control notifications. This affects Linux systems with USB CDC-ACM devices (like modems) connected, particularly when ModemManager automatically opens these devices. The vulnerability has existed since the beginning of git history but only became exploitable after a 2023 commit.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to system crash, privilege escalation, or arbitrary code execution in kernel context.
Likely Case
System instability, kernel panics, or denial of service when processing malformed USB notifications from malicious or faulty devices.
If Mitigated
No impact if the vulnerable driver isn't loaded or no USB CDC-ACM devices are connected.
🎯 Exploit Status
Exploitation requires USB device access and ability to send malformed control notifications. Timing constraints exist due to fragment processing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 383d516a0ebc, 6abb510251e7, 7828e9363ac4, 871619c2b78f, or 90dd2f1b7342
Vendor Advisory: https://git.kernel.org/stable/c/383d516a0ebc8641372b521c8cb717f0f1834831
Restart Required: No
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. For custom kernels, apply the CDC-ACM buffer size check patch.
3. No reboot required if using kernel livepatch capabilities.
🔧 Temporary Workarounds
Disable USB CDC-ACM driver
(all) Prevent loading of vulnerable driver module
echo 'blacklist cdc_acm' >> /etc/modprobe.d/blacklist-cdc-acm.conf
rmmod cdc_acm
Disable ModemManager auto-opening
(all) Prevent automatic device opening that enables the vulnerability
systemctl stop ModemManager
systemctl disable ModemManager
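An added example (not part of the original advisory) that audits the first workaround. A `blacklist` line only stops automatic loading by device alias, so an explicit `modprobe cdc_acm` still loads the driver, while an `install cdc_acm /bin/false` line blocks both. The function names and the state labels are chosen for this example.

```shell
#!/bin/sh
# Classify how the modprobe.d files in a directory restrict cdc_acm.
# Prints one of: install-blocked, blacklist-only, none
cdc_acm_block_state() {
    dir=${1:-/etc/modprobe.d}
    state=none
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue   # unmatched glob or non-regular file
        # modprobe treats '-' and '_' in module names as equivalent
        if grep -Eq '^[[:space:]]*install[[:space:]]+cdc[-_]acm[[:space:]]+/(usr/)?bin/(false|true)([[:space:]]|$)' "$f"; then
            state=install-blocked
            break
        fi
        if grep -Eq '^[[:space:]]*blacklist[[:space:]]+cdc[-_]acm([[:space:]]|$)' "$f"; then
            state=blacklist-only
        fi
    done
    printf '%s\n' "$state"
}

# Succeeds if cdc_acm appears in a /proc/modules-format file.
cdc_acm_loaded() {
    mods=${1:-/proc/modules}
    [ -r "$mods" ] || return 1
    awk '$1 == "cdc_acm" { found = 1 } END { exit !found }' "$mods"
}

# One-line summary: is the driver loaded now, and how is loading restricted?
cdc_acm_exposure() {
    if cdc_acm_loaded "${1:-/proc/modules}"; then loaded=yes; else loaded=no; fi
    printf 'loaded=%s block=%s\n' "$loaded" "$(cdc_acm_block_state "${2:-/etc/modprobe.d}")"
}

# Report for the running system.
cdc_acm_exposure
```

A result of `loaded=yes` after applying the workaround means `rmmod` did not succeed, typically because a ttyACM device is still open.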
🧯 If You Can't Patch
- Restrict physical USB device access to trusted devices only
- Implement USB device whitelisting/blacklisting policies
🔍 How to Verify
Check if Vulnerable:
Check if cdc_acm module is loaded: lsmod | grep cdc_acm. Check kernel version against patched releases.
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version (uname -r) includes one of the fix commits. Check with distribution vendor for specific patched versions.
📡 Detection & Monitoring
Log Indicators:
- Kernel oops/panic messages
- USB error messages in dmesg
- ModemManager crash logs
Network Indicators:
- Unusual USB device connection patterns
SIEM Query:
source="kernel" AND ("cdc_acm" OR "CDC-ACM") AND ("error" OR "panic" OR "oops")
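An added example (not from the original advisory) that runs the query above over kernel log lines and goes one step further: an oops report spans several lines and the line carrying "Oops" often does not name the driver, so the filter also flags a crash header when a `cdc_acm` line follows within a window. The log lines are constructed, and the function names, the `acm_example_fn` frame and the default window of 20 lines are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample log lines (not captured from a real system).
sample_log() {
    cat <<'EOF'
Mar 01 10:00:01 host kernel: usb 1-2: new full-speed USB device number 7 using xhci_hcd
Mar 01 10:00:01 host kernel: cdc_acm 1-2:1.0: ttyACM0: USB ACM device
Mar 01 10:00:05 host kernel: cdc_acm 1-2:1.0: constructed urb error line
Mar 01 10:00:09 host kernel: Oops: general protection fault [#1] SMP
Mar 01 10:00:09 host kernel:  acm_example_fn+0x1a/0x2b0 [cdc_acm]
Mar 01 10:00:10 host ModemManager[812]: error opening cdc_acm port
EOF
}

# Read syslog-format lines on stdin; $1 = correlation window in kernel lines.
# Prints "direct: <line>" for lines matching the query as written and
# "correlated: <line>" for a crash header followed by a cdc_acm line.
cdc_acm_alerts() {
    window=${1:-20}
    awk -v win="$window" '
    {
        l = tolower($0)
        if (l !~ /(^| )kernel:/) next           # source="kernel"
        n++                                      # index among kernel lines
        acm = (l ~ /cdc_acm|cdc-acm/)
        bad = (l ~ /error|panic|oops/)
        if (acm && bad) { print "direct: " $0; next }
        if (bad) { pend = $0; pend_at = n; next }   # header without driver name
        if (acm && pend != "" && n - pend_at <= win) {
            print "correlated: " pend
            pend = ""
        }
    }'
}

# Run the filter over the constructed sample.
sample_log | cdc_acm_alerts
```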
🔗 References
- https://git.kernel.org/stable/c/383d516a0ebc8641372b521c8cb717f0f1834831
- https://git.kernel.org/stable/c/6abb510251e75f875797d8983a830e6731fa281c
- https://git.kernel.org/stable/c/7828e9363ac4d23b02419bf2a45b9f1d9fb35646
- https://git.kernel.org/stable/c/871619c2b78fdfe05afb4e8ba548678687beb812
- https://git.kernel.org/stable/c/90dd2f1b7342b9a671a5ea4160f408037b92b118
- https://git.kernel.org/stable/c/a4e1ae5c0533964170197e4fb4f33bc8c1db5cd2
- https://git.kernel.org/stable/c/e563b01208f4d1f609bcab13333b6c0e24ce6a01
- https://git.kernel.org/stable/c/f64079bef6a8a7823358c3f352ea29a617844636
- https://project-zero.issues.chromium.org/issues/395107243
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html