CVE-2025-21767
📋 TL;DR
A race condition vulnerability in the Linux kernel's clocksource subsystem where get_random_u32() is called in atomic context on PREEMPT_RT kernels, potentially causing kernel panics or system instability. This affects Linux systems using PREEMPT_RT (Real-Time) kernels with specific configurations.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting critical real-time operations.
Likely Case
System instability or watchdog timeouts causing performance degradation in real-time applications.
If Mitigated
Minor performance impact during clocksource verification with proper kernel configuration.
🎯 Exploit Status
This is a race condition that requires specific kernel operations to trigger, making exploitation difficult.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions with commits 0fb534187d2355f6c8f995321e76d1ccd1262ac1 or later
Vendor Advisory: https://git.kernel.org/stable/c/0fb534187d2355f6c8f995321e76d1ccd1262ac1
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor
2. Rebuild kernel if using custom kernel
3. Reboot system to load new kernel
🔧 Temporary Workarounds
Disable PREEMPT_RT
linuxSwitch to standard kernel configuration without real-time patches
Use standard kernel package instead of rt/preempt-rt variant
Disable clocksource watchdog
linuxTurn off clocksource verification that triggers the vulnerable code path
echo 0 > /sys/devices/system/clocksource/clocksource0/watchdog
🧯 If You Can't Patch
- Disable PREEMPT_RT kernel configuration and use standard kernel
- Monitor system logs for watchdog timeouts or kernel panics and have recovery procedures ready
🔍 How to Verify
Check if Vulnerable:
Check if using PREEMPT_RT kernel: uname -r | grep -i rt && check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commit: grep -q 'clocksource.*migrate_disable' /proc/kallsyms || check kernel source for fix📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning get_random_u32 in atomic context
- Watchdog timeout errors in dmesg
- BUG: sleeping function called from invalid context
Network Indicators:
- None - this is a local kernel issue
SIEM Query:
source="kernel" AND ("get_random_u32" OR "atomic context" OR "clocksource_verify")🔗 References
- https://git.kernel.org/stable/c/0fb534187d2355f6c8f995321e76d1ccd1262ac1
- https://git.kernel.org/stable/c/60f54f0d4ea530950549a8263e6fdd70a40490a4
- https://git.kernel.org/stable/c/6bb05a33337b2c842373857b63de5c9bf1ae2a09
- https://git.kernel.org/stable/c/852805b6cbdb69c298a8fc9fbe79994c95106e04
- https://git.kernel.org/stable/c/8783ceeee797d9aa9cfe150690fb9d0bac8cc459
- https://git.kernel.org/stable/c/cc3d79e7c806cb57d71c28a4a35e7d7fb3265faa
- https://git.kernel.org/stable/c/d9c217fadfcff7a8df58567517d1e4253f3fd243
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
