CVE-2025-21772

7.8 HIGH

📋 TL;DR

CVE-2025-21772 is a memory corruption vulnerability in the Linux kernel's Mac partition table handling code. An attacker can trigger it by presenting a specially crafted partition table, causing an out-of-bounds memory access that can crash the system or potentially lead to arbitrary code execution. Any Linux system running an affected kernel version is vulnerable when it processes Mac-formatted storage devices.
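As an added example (not code from this advisory and not the kernel's own code), the following Python parser for the Apple Partition Map format shows the class of on-disk values that the kernel's Mac partition parser (block/partitions/mac.c in the kernel tree) has to bounds-check before trusting them: the driver-descriptor block size, the partition map entry count, and each entry's start and block count. The signatures (0x4552 'ER', 0x504D 'PM') and the field layout are the format's own; the 256-entry cap mirrors the kernel's DISK_MAX_PARTS limit; the names `parse_apm`, `build_image`, `is_bogus` and `BogusPartitionTable` are chosen here, and the image that `build_image` produces is constructed sample data.

```python
"""Validating Apple Partition Map (APM) parser.

Added example: not code from the advisory or the Linux kernel. Every field
it reads comes from attacker-controllable on-disk bytes, so each value is
checked against the buffer actually in hand before it is used as an offset.
"""
import struct

DDR_MAGIC = 0x4552   # 'ER': driver descriptor record signature (block 0)
PART_MAGIC = 0x504D  # 'PM': partition map entry signature (blocks 1..n)
SECTOR = 512         # granularity in which partition sectors are read
MAX_PARTS = 256      # cap on map entries, mirroring the kernel's DISK_MAX_PARTS
ENTRY_FMT = ">HHIII32s32s"  # sig, pad, map_count, start_block, block_count, name, type
ENTRY_LEN = struct.calcsize(ENTRY_FMT)  # 80 bytes


class BogusPartitionTable(ValueError):
    """An on-disk value would send a naive parser out of bounds."""


def _cstr(raw: bytes) -> str:
    # On-disk names are not guaranteed to be NUL-terminated: bound the scan
    # to the 32-byte field rather than assuming a terminator exists.
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def _read_entry(image: bytes, blk_size: int, blk: int) -> dict:
    off = blk * blk_size
    if off + ENTRY_LEN > len(image):
        raise BogusPartitionTable(f"map entry {blk} lies beyond the image")
    sig, _pad, map_count, start, count, name, ptype = struct.unpack_from(ENTRY_FMT, image, off)
    if sig != PART_MAGIC:
        raise BogusPartitionTable(f"map entry {blk} has bad signature {sig:#x}")
    return {"map_count": map_count, "start": start, "count": count,
            "name": _cstr(name), "type": _cstr(ptype)}


def parse_apm(image: bytes) -> list:
    """Return the partition entries, or raise BogusPartitionTable."""
    if len(image) < SECTOR:
        raise BogusPartitionTable("image shorter than one sector")
    sig, blk_size = struct.unpack_from(">HH", image, 0)
    if sig != DDR_MAGIC:
        raise BogusPartitionTable("no driver descriptor signature")
    # A block size that is not a whole number of sectors, or too small to hold
    # an entry, would place entry offsets past the end of a one-sector buffer.
    if blk_size < ENTRY_LEN or blk_size % SECTOR:
        raise BogusPartitionTable(f"unsupported block size {blk_size:#x}")
    map_count = _read_entry(image, blk_size, 1)["map_count"]
    if map_count < 1 or map_count >= MAX_PARTS:
        raise BogusPartitionTable(f"unreasonable map entry count {map_count}")
    total_blocks = len(image) // blk_size
    parts = []
    for blk in range(1, map_count + 1):
        entry = _read_entry(image, blk_size, blk)
        # Python ints do not wrap, so start + count is an honest comparison;
        # in C the same u32 sum can overflow and must be checked with care.
        if entry["start"] + entry["count"] > total_blocks:
            raise BogusPartitionTable(f"map entry {blk} extends past the device")
        parts.append(entry)
    return parts


def build_image(blk_size: int = SECTOR, entries=None, map_count=None,
                ddr_blk_size=None) -> bytes:
    """Construct a tiny 8-sector APM image (constructed sample data)."""
    if entries is None:
        entries = [(1, 2, b"Apple", b"Apple_partition_map"),
                   (3, 5, b"data", b"Apple_HFS")]
    n = len(entries) if map_count is None else map_count
    img = bytearray(SECTOR * 8)
    struct.pack_into(">HHI", img, 0, DDR_MAGIC,
                     blk_size if ddr_blk_size is None else ddr_blk_size,
                     len(img) // blk_size)
    for i, (start, count, name, ptype) in enumerate(entries, start=1):
        struct.pack_into(ENTRY_FMT, img, i * blk_size,
                         PART_MAGIC, 0, n, start, count, name, ptype)
    return bytes(img)


def is_bogus(image: bytes) -> bool:
    """True when the parser rejects the image."""
    try:
        parse_apm(image)
    except BogusPartitionTable:
        return True
    return False


if __name__ == "__main__":
    for p in parse_apm(build_image()):
        print(f'{p["name"]:<8} {p["type"]:<20} start={p["start"]} blocks={p["count"]}')
    print("0xfff block size rejected:", is_bogus(build_image(ddr_blk_size=0xFFF)))
```

The three rejection paths are the ones a partition-table parser cannot do without: a block size that is not sector-aligned (the `0xfff` case) shifts every entry offset off the end of the sector buffer, an oversized entry count turns the entry loop into an unbounded read, and an unchecked start plus count lets a partition be registered past the end of the device. A well-formed image with a 1024-byte block size still parses, so the checks reject malformed tables rather than merely unusual ones.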

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE description; check kernel commit history for exact ranges
Operating Systems: All Linux distributions
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when mounting or accessing Mac-formatted storage devices (HDDs, SSDs, USB drives, disk images).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution if combined with other vulnerabilities.

🟠

Likely Case

System crash or kernel panic when processing malicious partition tables, causing denial of service.

🟢

If Mitigated

Kernel panic with system reboot required, but no privilege escalation if proper kernel hardening is in place.

🌐 Internet-Facing: LOW - Requires physical or local access to mount malicious storage devices.
🏢 Internal Only: MEDIUM - Malicious insiders or compromised internal systems could exploit this by mounting crafted storage devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to mount a malicious storage device; local access or physical device insertion needed. Exploitation depends on kernel memory layout and mitigations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check kernel commits: 213ba5bd81b7e97ac6e6190b8f3bc6ba76123625, 27a39d006f85e869be68c1d5d2ce05e5d6445bf5, 40a35d14f3c0dc72b689061ec72fc9b193f37d1f, 6578717ebca91678131d2b1f4ba4258e60536e9f, 7fa9706722882f634090bfc9af642bf9ed719e27

Vendor Advisory: https://git.kernel.org/stable/c/213ba5bd81b7e97ac6e6190b8f3bc6ba76123625

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution.
2. For custom kernels, apply the commits listed in the references.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Block Mac partition mounting

Linux

Prevent mounting of Mac-formatted storage devices using kernel module blacklisting

echo 'blacklist hfs' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist hfsplus' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u

🧯 If You Can't Patch

  • Restrict physical access to storage device ports (USB, SATA)
  • Implement strict device mounting policies and audit all storage device usage

🔍 How to Verify

Check if Vulnerable:

Run uname -r and compare the running kernel against the patched commits; for custom kernels, examine the kernel source for the partition/mac.c changes.

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel version includes the fix commits, or check /proc/version for the patched kernel version string.
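A complementary check, added here and not part of the advisory: the Mac partition-map parser is only present in kernels built with CONFIG_MAC_PARTITION, the real kconfig symbol that controls block/partitions/mac.c. It runs at block-device scan time, so a kernel without that option is not exposed regardless of which filesystem modules are loaded, and a kernel with it compiled in stays exposed until patched. The Python below classifies that symbol in a kernel config; `config_status` and `running_kernel_status` are names chosen here, the `/boot/config-<release>` and `/proc/config.gz` locations are the usual places a distribution exposes the config (assumed, not guaranteed), and `SAMPLE_CONFIG` is constructed sample data.

```python
"""Report whether a kernel config compiles in the Mac partition-map parser.

Added example, not from the advisory. CONFIG_MAC_PARTITION is the real kconfig
symbol that controls block/partitions/mac.c; the function names are chosen here.
"""
import gzip
import os
import platform

SYMBOL = "CONFIG_MAC_PARTITION"


def config_status(text: str, symbol: str = SYMBOL) -> str:
    """Classify one kconfig symbol in config text as enabled, disabled or unknown."""
    for line in text.splitlines():
        line = line.strip()
        # Partition parsers are boolean options, but accept =m so the helper
        # works for tristate symbols as well.
        if line in (f"{symbol}=y", f"{symbol}=m"):
            return "enabled"
        if line == f"# {symbol} is not set":
            return "disabled"
    return "unknown"


def running_kernel_status(symbol: str = SYMBOL) -> str:
    """Check the running kernel via /boot/config-<release> or /proc/config.gz.

    Both paths are assumptions about where a distribution exposes the config;
    'unknown' is returned when neither exists or the symbol is absent.
    """
    release = platform.release()
    for path in (f"/boot/config-{release}", "/proc/config.gz"):
        if not os.path.exists(path):
            continue
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt") as fh:
            return config_status(fh.read(), symbol)
    return "unknown"


# Constructed sample config, not taken from any real system.
SAMPLE_CONFIG = """\
CONFIG_MSDOS_PARTITION=y
CONFIG_MAC_PARTITION=y
# CONFIG_SGI_PARTITION is not set
"""

if __name__ == "__main__":
    print("sample config:", config_status(SAMPLE_CONFIG))
    print("running kernel:", running_kernel_status())
```

An "enabled" result on an unpatched kernel means the vulnerable parser is reachable whenever a Mac-formatted device is scanned; "disabled" means the parser is not in the kernel at all; "unknown" means the config could not be found and the kernel version check above is the only evidence available.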

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • OOM killer activity related to kernel memory
  • Failed mount attempts for Mac partitions

Network Indicators:

  • None - local exploitation only

SIEM Query:

source="kern.log" AND ("kernel panic" OR "Oops" OR "BUG") AND ("partition" OR "mac" OR "hfs")
