CVE-2025-21728
📋 TL;DR
A Linux kernel vulnerability where BPF programs running in non-preemptible contexts can cause system instability when using the bpf_send_signal() kfunc, which may sleep. This affects systems running vulnerable Linux kernel versions with BPF enabled. Attackers could potentially trigger denial of service conditions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to complete denial of service, potentially requiring physical access to restore functionality.
Likely Case
System instability, application crashes, or temporary denial of service affecting specific processes or services.
If Mitigated
Minimal impact if BPF is disabled or systems are properly patched; isolated process failures at most.
🎯 Exploit Status
Exploitation requires ability to load and execute BPF programs, which typically requires elevated privileges. The vulnerability is in kernel code execution path.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check specific kernel versions from provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/092fc76b7ab4163e008f9cde596a58dad2108260
Restart Required: Yes
Instructions:
1. Identify current kernel version. 2. Apply kernel update from your distribution's repository. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable BPF subsystem
linuxPrevents loading and execution of BPF programs that could trigger the vulnerability
echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled
sysctl -w kernel.unprivileged_bpf_disabled=1
Restrict BPF capabilities
linuxLimit which users can load BPF programs using Linux capabilities
setcap -r /path/to/binary
capsh --drop=cap_bpf -- -c 'command'
🧯 If You Can't Patch
- Restrict BPF program loading to trusted users only using Linux capabilities and namespaces.
- Implement strict monitoring for BPF program execution and system stability metrics.
🔍 How to Verify
Check if Vulnerable:
Check kernel version against patched versions in git commits: uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version and test BPF functionality📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- BPF program loading failures
- System instability logs
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "oops" OR "BPF")🔗 References
- https://git.kernel.org/stable/c/092fc76b7ab4163e008f9cde596a58dad2108260
- https://git.kernel.org/stable/c/78b97783496b454435639937db3303e900a24d3f
- https://git.kernel.org/stable/c/87c544108b612512b254c8f79aa5c0a8546e2cc4
- https://git.kernel.org/stable/c/be42a09fe898635b0093c0c8dac1bfabe225c240
- https://git.kernel.org/stable/c/ce51eab2070e295d298f42a2f1db269cd1b56d55
- https://git.kernel.org/stable/c/e306eaaa3d78b462db5f5b11e0171f9d2b6ca3f4
- https://git.kernel.org/stable/c/eeef8e65041a031bd8a747a392c14b76a123a12c
- https://git.kernel.org/stable/c/feba1308bc5e8e04cee751d39fae8a9b407a9034
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
