CVE-2025-21762
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's ARP (Address Resolution Protocol) implementation. The arp_xmit() function can be called without proper RCU (Read-Copy-Update) protection, potentially allowing local attackers to cause memory corruption. This affects all Linux systems using vulnerable kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, kernel panic leading to denial of service, or arbitrary code execution in kernel context.
Likely Case
Local denial of service through kernel panic or system crash.
If Mitigated
Minimal impact with proper kernel hardening and restricted local access.
🎯 Exploit Status
Exploitation requires local access and knowledge of kernel memory management. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the referenced git commits: 01d1b5c9abcaff29a43f1d17a19c33eec92c7dbe, 10f555e3f573d004ae9d89b3276abb58c4ede5c3, 2c331718d3389b6c5f6855078ab7171849e016bd, 307cd1e2d3cb1cbc6c40c679cada6d7168b18431, a42b69f692165ec39db42d595f4f65a4c8f42e44
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Check your Linux distribution's security advisories. 2. Update kernel package using your package manager (apt, yum, dnf, etc.). 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Restrict local user access
allLimit local user accounts and implement strict access controls to reduce attack surface.
🧯 If You Can't Patch
- Implement strict access controls to limit local user accounts
- Enable kernel hardening features like SELinux/AppArmor to limit impact
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution's security advisory. Vulnerable if using unpatched kernel before fixes were applied.Check Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version from your distribution's security advisory.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- System crash dumps
- Unexpected system reboots
Network Indicators:
- Unusual ARP traffic patterns from local processes
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "segfault")🔗 References
- https://git.kernel.org/stable/c/01d1b5c9abcaff29a43f1d17a19c33eec92c7dbe
- https://git.kernel.org/stable/c/10f555e3f573d004ae9d89b3276abb58c4ede5c3
- https://git.kernel.org/stable/c/2c331718d3389b6c5f6855078ab7171849e016bd
- https://git.kernel.org/stable/c/307cd1e2d3cb1cbc6c40c679cada6d7168b18431
- https://git.kernel.org/stable/c/a42b69f692165ec39db42d595f4f65a4c8f42e44
- https://git.kernel.org/stable/c/d9366ac2f956a1948b68c0500f84a3462ff2ed8a
- https://git.kernel.org/stable/c/e9f4dee534eb1b225b0a120395ad9bc2afe164d3
- https://git.kernel.org/stable/c/f189654459423d4d48bef2d120b4bfba559e6039
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
