CVE-2025-21725
📋 TL;DR
A Linux kernel vulnerability in the SMB client where unset link speed values cause a divide-by-zero error, leading to kernel oops (system crash). This affects Linux systems using the CIFS/SMB client module to access network shares. The vulnerability can be triggered by reading debug data from /proc.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash or instability when accessing /proc filesystem debug information related to SMB connections.
If Mitigated
Minor performance impact with default link speed assumption when server doesn't provide link speed.
🎯 Exploit Status
Exploitation requires local access to trigger the divide-by-zero error via debug interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 208e102a2fca44e40a6c3f7b9e2609cfd17a15aa or later
Vendor Advisory: https://git.kernel.org/stable/c/208e102a2fca44e40a6c3f7b9e2609cfd17a15aa
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Restrict /proc access
linuxLimit access to /proc filesystem to prevent triggering the vulnerability
chmod 700 /proc/fs/cifs
set appropriate permissions on /proc debug interfaces
Unload CIFS module
linuxRemove CIFS/SMB client module if not needed
rmmod cifs
modprobe -r cifs
🧯 If You Can't Patch
- Restrict user access to /proc filesystem and debug interfaces
- Monitor system logs for kernel oops messages related to CIFS/SMB
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if CIFS module is loaded: uname -r && lsmod | grep cifsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: grep -i 'cifs.*link.*speed' /proc/kallsyms or check kernel changelog📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages in /var/log/kern.log or dmesg
- Divide error exceptions related to CIFS
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("divide error" OR "oops") AND ("cifs" OR "smb")🔗 References
- https://git.kernel.org/stable/c/208e102a2fca44e40a6c3f7b9e2609cfd17a15aa
- https://git.kernel.org/stable/c/3f901c35e1a1b3ed1b528a17ffdb941aa0294458
- https://git.kernel.org/stable/c/699179dfc8d7da457b152ca5d18ae45f9ed9beaa
- https://git.kernel.org/stable/c/ad3b49fbdb156aa8ee2026ba590642c9b5a410f2
- https://git.kernel.org/stable/c/be7a6a77669588bfa5022a470989702bbbb11e7f
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
