CVE-2025-21711

5.5 MEDIUM

📋 TL;DR

This CVE describes an integer overflow vulnerability in the Linux kernel's ROSE protocol implementation. Attackers could trigger this vulnerability by passing large arguments to the rose_setsockopt() function, potentially leading to memory corruption or system crashes. Systems running vulnerable Linux kernel versions with ROSE protocol enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but likely multiple stable kernel versions before the fix
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ROSE (X.25 PLP) protocol is enabled and used. Most modern systems don't use ROSE by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to denial of service, or potential privilege escalation if combined with other vulnerabilities

🟠 Likely Case: Local denial of service through kernel crash or system instability

🟢 If Mitigated: Minimal impact if ROSE protocol is disabled or systems are properly patched

🌐 Internet-Facing: LOW - ROSE protocol is rarely used for internet-facing services
🏢 Internal Only: MEDIUM - Requires local access or network access to ROSE services

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the ability to call rose_setsockopt() with controlled arguments, which typically means local access or network access to ROSE services.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 352daa50946c3bbb662432e8daf54d6760796589, 4bdd449977e2364a53d0b2a5427e71beb1cd702d, 9bdee49ad6bbd26ab5e13cc6731e54fb1b6c1dca, b8583b54455cbec2fc038fa32b6700890b369815, d08f4074f9c69f7e95502587eb1b258a965ba7f0

Vendor Advisory: https://git.kernel.org/stable/c/352daa50946c3bbb662432e8daf54d6760796589

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable ROSE protocol module

linux

Prevent loading of ROSE protocol kernel module

echo 'install rose /bin/false' >> /etc/modprobe.d/rose-blacklist.conf
rmmod rose 2>/dev/null || true

Block ROSE protocol at firewall

linux

Prevent network access to ROSE services

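# iptables resolves the protocol name through /etc/protocols and rejects the rule if 'rose' is not defined there
iptables -A INPUT -p rose -j DROP
iptables -A OUTPUT -p rose -j DROP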

🧯 If You Can't Patch

  • Disable ROSE protocol module if not needed
  • Implement strict network segmentation to limit access to systems using ROSE protocol

🔍 How to Verify

Check if Vulnerable:

Check if ROSE module is loaded: lsmod | grep rose. If loaded and kernel version is unpatched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version contains fix commits or is newer than patched versions. Verify ROSE module can be loaded without issues.
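
The module check above, as an added script that is not part of the original advisory: it matches the module name exactly in /proc/modules (the data lsmod prints) instead of by substring, and reports whether the 'install rose /bin/false' workaround is in place. The function names and the three status words are choices made for this example.

```sh
#!/bin/sh
# Added example: report the state of the ROSE module on a host.
# File and directory arguments exist so the checks can run on constructed data.

# rose_loaded FILE: true if FILE (in /proc/modules format, module name in
# the first field) lists a module named exactly "rose". A plain
# "grep rose" would also match dependency columns and longer names.
rose_loaded() {
    awk '$1 == "rose" { found = 1 } END { exit !found }' \
        "${1:-/proc/modules}" 2>/dev/null
}

# rose_blocked DIR: true if a *.conf file in DIR carries an uncommented
# "install rose /bin/false" (or /bin/true) line, as in the workaround.
rose_blocked() {
    dir=${1:-/etc/modprobe.d}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk '$1 == "install" && $2 == "rose" &&
             ($3 == "/bin/false" || $3 == "/bin/true") { ok = 1 }
             END { exit !ok }' "$f" && return 0
    done
    return 1
}

# rose_status MODULES_FILE MODPROBE_DIR: print one status word.
rose_status() {
    if rose_loaded "$1"; then
        echo "loaded"      # module is in the running kernel
    elif rose_blocked "$2"; then
        echo "blocked"     # not loaded; modprobe runs /bin/false instead
    else
        echo "loadable"    # not loaded, but nothing stops it being loaded
    fi
}

echo "kernel $(uname -r): rose module $(rose_status /proc/modules /etc/modprobe.d)"
```

A result of "loaded" still needs the kernel version check to decide whether the host is exposed.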

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crash dumps
  • ROSE protocol error messages in dmesg

Network Indicators:

  • Unusual ROSE protocol traffic patterns
  • Multiple connection attempts to ROSE ports

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "ROSE")
