CVE-2025-21735

7.8 HIGH

📋 TL;DR

A memory corruption vulnerability in the Linux kernel's NFC subsystem allows attackers to cause out-of-bounds writes by sending specially crafted NFC packets. This affects systems with NFC hardware enabled and the nci_hci_create_pipe() function exposed. Attackers with local or network access to NFC interfaces can potentially exploit this.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches available in stable kernel trees
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if NFC hardware is present and enabled in kernel configuration. Most servers and cloud instances are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel memory corruption leading to privilege escalation, denial of service, or arbitrary code execution with kernel privileges.

🟠 Likely Case

Kernel panic or system crash causing denial of service, potentially leading to system instability.

🟢 If Mitigated

No impact if NFC hardware is disabled or proper access controls restrict NFC interface access.

🌐 Internet-Facing: LOW - NFC typically requires physical proximity or local network access, not direct internet exposure.
🏢 Internal Only: MEDIUM - Attackers with local access or on the same network segment could exploit NFC interfaces if enabled.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires access to NFC interface and ability to send crafted packets. Exploitation depends on specific memory layout and kernel configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits referenced in CVE)

Vendor Advisory: https://git.kernel.org/stable/c/10b3f947b609713e04022101f492d288a014ddfa

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable NFC hardware

linux

Disable NFC hardware modules in kernel or physically disable NFC hardware

modprobe -r nci
echo 'blacklist nci' >> /etc/modprobe.d/blacklist.conf

Restrict NFC interface access

linux

Use kernel capabilities or access controls to restrict who can access NFC devices

chmod 600 /dev/nfc*
setcap -r /dev/nfc*

🧯 If You Can't Patch

  • Disable all NFC hardware and kernel modules
  • Implement strict network segmentation to isolate systems with NFC hardware

🔍 How to Verify

Check if Vulnerable:

Check if NFC modules are loaded: lsmod | grep -i nci; Check kernel version against patched versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version; Confirm NFC modules still function properly if needed
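
The module check and the blacklist workaround above, combined into one audit script; this is an added example, not part of the advisory or the kernel project. It also lists which modules hold nci (modprobe -r nci fails while holders are loaded) and separates a blacklist line, which only stops alias-based autoloading, from an install override that also blocks explicit and dependency loads. Function names and the sample module list are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the advisory: audit NFC/NCI module exposure.
# File/directory arguments default to the live system.

# List loaded NFC-related modules as "name holders".
# /proc/modules columns: name size refcount holders state address
nfc_modules_loaded() {
    awk '$1 == "nfc" || $1 ~ /nci/ { print $1, $4 }' "${1:-/proc/modules}"
}

# Classify how modprobe.d treats module $1 in directory $2.
# "blacklist" only stops alias-based autoloading; an "install <mod> /bin/false"
# line also blocks explicit loads and loads as a dependency.
modprobe_policy() {
    mod=$1; dir=${2:-/etc/modprobe.d}
    if grep -Eqs "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+(/usr)?/bin/(false|true)" "$dir"/*.conf; then
        echo install-disabled
    elif grep -Eqs "^[[:space:]]*blacklist[[:space:]]+$mod([[:space:]]|\$)" "$dir"/*.conf; then
        echo blacklisted
    else
        echo unrestricted
    fi
}

# One-line verdict combining both checks.
audit_nci() {
    loaded=$(nfc_modules_loaded "$1")
    policy=$(modprobe_policy nci "$2")
    if [ -n "$loaded" ]; then
        echo "LOADED policy=$policy modules=$(echo "$loaded" | awk '{print $1}' | paste -sd, -)"
    else
        echo "NOT-LOADED policy=$policy"
    fi
}

# Constructed sample data (not captured from a real host).
demo=$(mktemp -d)
cat > "$demo/modules" <<'EOF'
nxp_nci_i2c 16384 0 - Live 0x0000000000000000
nxp_nci 16384 1 nxp_nci_i2c, Live 0x0000000000000000
nci 86016 1 nxp_nci, Live 0x0000000000000000
nfc 131072 1 nci, Live 0x0000000000000000
EOF
echo 'blacklist nci' > "$demo/blacklist.conf"
audit_nci "$demo/modules" "$demo"
rm -rf "$demo"
```

Run audit_nci with no arguments to check the live host; a LOADED result with policy=blacklisted means the blacklist entry is in place but the modules are still resident until they are removed or the system reboots.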

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • OOM killer activity
  • NFC subsystem error messages in dmesg

Network Indicators:

  • Unusual NFC packet patterns
  • Multiple connection attempts to NFC interfaces

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "nci")
