CVE-2025-21723
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's mpi3mr SCSI driver can cause a kernel crash when the driver's BSG (Block SCSI Generic) setup fails during device removal. This affects systems using the mpi3mr driver for Broadcom/Emulex SAS/SATA/NVMe controllers. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel with mpi3mr driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or corruption if active I/O operations are interrupted.
Likely Case
System crash during driver removal (e.g., device hot removal, driver unloading) resulting in temporary denial of service until system reboot.
If Mitigated
No impact if the vulnerable code path isn't triggered during normal operations.
🎯 Exploit Status
Exploitation requires local access and ability to trigger driver removal (e.g., via device hot removal or driver unloading).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 19b248069d1b1424982723a2bf3941ad864d5204, 295006f6e8c17212d3098811166e29627d19e05c, or 832b8f95a2832321b8200ae478ed988b25faaef4
Vendor Advisory: https://git.kernel.org/stable/c/19b248069d1b1424982723a2bf3941ad864d5204
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load patched kernel.
3. Verify kernel version and that mpi3mr driver loads correctly.
🔧 Temporary Workarounds
Disable mpi3mr driver
Prevent loading of the vulnerable mpi3mr driver if it is not required:
echo 'blacklist mpi3mr' >> /etc/modprobe.d/blacklist-mpi3mr.conf
update-initramfs -u
reboot
Avoid driver removal operations
Prevent triggering the vulnerability by avoiding hot removal of affected storage controllers
🧯 If You Can't Patch
- Restrict local access to prevent unauthorized users from triggering driver removal operations
- Monitor system logs for mpi3mr driver errors and avoid operations that trigger driver removal
🔍 How to Verify
Check if Vulnerable:
Check if mpi3mr driver is loaded: lsmod | grep mpi3mr. Check kernel version against affected ranges.
Check Version:
uname -r
Verify Fix Applied:
Verify the kernel contains a fix commit (run inside a git checkout of the kernel source the running kernel was built from): git log --oneline | grep -E '19b248069d1b|295006f6e8c1|832b8f95a283'. Check dmesg for mpi3mr driver loading without errors.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages referencing mpi3mr_bsg_exit
- NULL pointer dereference errors in dmesg
- BSG setup failure messages
SIEM Query:
source="kernel" AND ("mpi3mr" OR "NULL pointer dereference" OR "BSG setup")
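The SIEM query above ORs its terms, so any NULL pointer dereference matches it. The following added example (not part of the advisory or the kernel project) tightens the log indicators by reporting a crash only when mpi3mr_bsg_exit appears in the trace of the same oops. The function names, the 40-line trace window, the matched BSG failure wording and the sample log lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: triage kernel log text for the indicators listed above.

# True if mpi3mr appears in a /proc/modules-format file (default: the live one).
mpi3mr_loaded() {
    grep -q '^mpi3mr ' "${1:-/proc/modules}"
}

# Reads kernel log text on stdin and prints one finding per line.
# Exit status 0 only when an oops is tied to mpi3mr_bsg_exit.
scan_mpi3mr_log() {
    awk '
        # BSG setup failure from the driver (exact wording is an assumption).
        /mpi3mr/ && tolower($0) ~ /bsg/ && tolower($0) ~ /fail/ {
            print "BSG_SETUP_FAILURE: " $0; next
        }
        # Start of a NULL pointer dereference oops: remember it and open
        # a 40-line window (assumed upper bound on the trace length).
        /NULL pointer dereference/ { oops = $0; window = 40; next }
        # mpi3mr_bsg_exit inside that window ties the oops to this CVE.
        window > 0 && /mpi3mr_bsg_exit/ {
            print "CRASH_IN_BSG_EXIT: " oops; hit = 1; window = 0; next
        }
        window > 0 { window-- }
        END { exit (hit ? 0 : 1) }
    '
}

# Constructed sample log, not captured from a real system.
sample_log() {
    cat <<'EOF'
[  100.000001] mpi3mr0: bsg setup failed (constructed wording)
[  200.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  200.000002] Call Trace:
[  200.000003]  mpi3mr_bsg_exit+0x0/0x0 [mpi3mr]
[  300.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  300.000002]  unrelated_function+0x0/0x0
EOF
}

# Demo on the sample; on a host, pipe in `dmesg` or `journalctl -k` instead.
sample_log | scan_mpi3mr_log
```

On the sample, the second oops is not reported because no mpi3mr_bsg_exit frame follows it.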