CVE-2025-21719
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's IP multicast routing (ipmr) subsystem allows a local attacker to trigger a kernel crash (denial of service) by accessing invalid memory. The vulnerability occurs when the kernel attempts to process unresolved multicast forwarding cache entries, leading to a wild memory access. This affects Linux systems with IP multicast routing enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel panic, causing system-wide denial of service and potential data loss from unsaved work.
Likely Case
Local denial of service through kernel crash/panic, requiring system reboot to restore functionality.
If Mitigated
Minimal impact if IP multicast routing is disabled or access controls restrict local user privileges.
🎯 Exploit Status
Exploitation requires local access and knowledge of triggering the mr_table_dump path; discovered via syzkaller fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions with the fix commits applied
Vendor Advisory: https://git.kernel.org/stable/c/15a901361ec3fb1c393f91880e1cbf24ec0a88bd
Restart Required: Yes
Instructions:
1. Update Linux kernel to a patched version from your distribution's repository. 2. Reboot the system to load the new kernel. 3. Verify the fix by checking kernel version or testing functionality.
🔧 Temporary Workarounds
Disable IP multicast routing
LinuxPrevents exploitation by disabling the vulnerable subsystem if not required.
echo 0 > /proc/sys/net/ipv4/conf/all/mc_forwarding
sysctl -w net.ipv4.conf.all.mc_forwarding=0
🧯 If You Can't Patch
- Restrict local user access to prevent untrusted users from triggering the vulnerability.
- Implement kernel module signing and secure boot to reduce risk of kernel-level attacks.
🔍 How to Verify
Check if Vulnerable:
Check if IP multicast routing is enabled: cat /proc/sys/net/ipv4/conf/all/mc_forwarding (returns 1 if vulnerable feature active).Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or is newer than vulnerable versions; test IP multicast routing functionality.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning 'mr_mfc_uses_dev' or 'ipmr'
- System crash/reboot events in system logs
Network Indicators:
- Unusual local process accessing multicast routing tables
SIEM Query:
source="kernel" AND ("mr_mfc_uses_dev" OR "ipmr" OR "KASAN: maybe wild-memory-access")🔗 References
- https://git.kernel.org/stable/c/15a901361ec3fb1c393f91880e1cbf24ec0a88bd
- https://git.kernel.org/stable/c/26bb7d991f04eeef47dfad23e533834995c26f7a
- https://git.kernel.org/stable/c/53df27fd38f84bd3cd6b004eb4ff3c4903114f1d
- https://git.kernel.org/stable/c/547ef7e8cbb98f966c8719a3e15d4e078aaa9b47
- https://git.kernel.org/stable/c/57177c5f47a8da852f8d76cf6945cf803f8bb9e5
- https://git.kernel.org/stable/c/71a0fcb68c0a5f3ec912b540cd5d72148e6ee5f1
- https://git.kernel.org/stable/c/a099834a51ccf9bbba3de86a251b3433539abfde
- https://git.kernel.org/stable/c/b379b3162ff55a70464c6a934ae9bf0497478a62
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
