Login Sign Up

CVE-2025-21764

7.8 HIGH
Denial of Service

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's NDISC (Neighbor Discovery) protocol implementation. Attackers could potentially exploit this to cause kernel crashes or execute arbitrary code with kernel privileges. Systems running vulnerable Linux kernel versions are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly stated in CVE description; check kernel commit history for affected versions.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: IPv6 must be enabled and NDISC functionality active. Most modern Linux systems have IPv6 enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or arbitrary code execution with kernel privileges resulting in complete system compromise.

🟠

Likely Case

Kernel crash leading to denial of service and system instability.

🟢

If Mitigated

Minimal impact if proper kernel hardening and isolation are in place, though crashes may still occur.

🌐 Internet-Facing: MEDIUM - Requires network access to trigger NDISC operations, but many systems have IPv6 enabled by default.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of kernel memory management and NDISC protocol. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 3c2d705f5adf5d860aaef90cb4211c0fde2ba66d, 628e6d18930bbd21f2d4562228afe27694f66da9, 96fc896d0e5b37c12808df797397fb16f3080879, 9e0ec817eb41a55327a46cd3ce331a9868d60304, b870256dd2a5648d5ed2f22316b3ac29a7e5ed63

Vendor Advisory: https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable IPv6

Linux

Disable IPv6 to prevent NDISC operations that could trigger the vulnerability

echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6

🧯 If You Can't Patch

  • Implement network segmentation to limit access to vulnerable systems
  • Apply kernel hardening measures like SELinux/AppArmor to limit impact

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions. Examine kernel configuration for IPv6 and NDISC support.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits. Test NDISC functionality after patch.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • OOM killer activity
  • System crash/reboot logs

Network Indicators:

  • Unusual IPv6 neighbor discovery traffic
  • Malformed NDISC packets

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "BUG") AND ("ndisc" OR "neighbor discovery")

📊 Metadata

CVE ID: CVE-2025-21764
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
EPSS Score: 0.04% exploit probability (11th percentile)
Published: February 27, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21764, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)