CVE-2025-21785
📋 TL;DR
This CVE describes an out-of-bounds write vulnerability in the Linux kernel's ARM64 cacheinfo subsystem. The flaw could allow local attackers to corrupt kernel memory, potentially leading to privilege escalation or system crashes. It affects Linux systems running on ARM64 architecture with vulnerable kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, kernel panic leading to denial of service, or arbitrary code execution in kernel context.
Likely Case
Kernel panic causing system crash/reboot, or local privilege escalation if combined with other vulnerabilities.
If Mitigated
Limited impact due to requiring local access; proper access controls and kernel hardening reduce exploit success.
🎯 Exploit Status
Requires local access and knowledge of kernel memory layout. Exploitation depends on specific cache configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check kernel commits: 4371ac7b494e933fffee2bd6265d18d73c4f05aa and related
Vendor Advisory: https://git.kernel.org/stable/c/4371ac7b494e933fffee2bd6265d18d73c4f05aa
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from distribution vendor.
2. Rebuild kernel if using custom build.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Restrict local user access
all: Limit local shell access to trusted users only
# Review /etc/passwd and /etc/shadow for unnecessary accounts
# Use sudo policies to restrict privileged operations
🧯 If You Can't Patch
- Implement strict access controls to prevent untrusted local users
- Enable kernel hardening features like KASLR, stack protection
🔍 How to Verify
Check if Vulnerable:
Check kernel version and architecture: uname -a should show ARM64/aarch64. Review kernel source for vulnerable cacheinfo.c code.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated beyond fix commits. Check /proc/cpuinfo for cache information without system crashes.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- Segmentation faults in kernel context
- System crash/reboot events
Network Indicators:
- None - local exploit only
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "segfault") AND process="kernel"
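The following is an added example, not part of the original page: a POSIX shell triage that combines the architecture check from "How to Verify" with the log indicators and SIEM terms above. The function names and the sample log lines are constructed for illustration; a match only marks an ARM64 host for investigation, since kernel panics have many causes.

```shell
#!/bin/sh
# Added example: triage helper for CVE-2025-21785 (function names are hypothetical).

# The flaw is in the ARM64 cacheinfo code, so other architectures are out of scope.
is_arm64() {
    case "$1" in
        aarch64|arm64) return 0 ;;
        *) return 1 ;;
    esac
}

# Count kernel-sourced syslog lines that contain the SIEM query terms.
count_kernel_faults() {
    grep ' kernel: ' "$1" | grep -c -E 'panic|Oops|segfault' || true
}

# Print one verdict from a machine string (uname -m) and a kernel log file.
triage() {
    if ! is_arm64 "$1"; then
        echo "not-applicable"
        return 0
    fi
    faults=$(count_kernel_faults "$2")
    if [ "$faults" -gt 0 ]; then
        echo "investigate:$faults"
    else
        echo "no-indicators"
    fi
}

# Constructed sample log (not from a real system); the last line is userspace noise.
make_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 10:15:01 edge01 kernel: [   12.100000] Internal error: Oops: 96000045 [#1] SMP
Mar  3 10:15:01 edge01 kernel: [   12.100400] Kernel panic - not syncing: Fatal exception
Mar  3 10:15:02 edge01 sshd[811]: Accepted publickey for ops from 192.0.2.10
Mar  3 10:15:03 edge01 app[900]: panic: worker failed
EOF
}

sample=$(mktemp)
make_sample_log "$sample"
triage aarch64 "$sample"   # prints investigate:2
triage x86_64 "$sample"    # prints not-applicable
rm -f "$sample"
```

On a live host, pass "$(uname -m)" and the path to the kernel log (for example /var/log/kern.log, as listed under Log Indicators).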
🔗 References
- https://git.kernel.org/stable/c/4371ac7b494e933fffee2bd6265d18d73c4f05aa
- https://git.kernel.org/stable/c/4ff25f0b18d1d0174c105e4620428bcdc1213860
- https://git.kernel.org/stable/c/67b99a2b5811df4294c2ad50f9bff3b6a08bd618
- https://git.kernel.org/stable/c/715eb1af64779e1b1aa0a7b2ffb81414d9f708e5
- https://git.kernel.org/stable/c/875d742cf5327c93cba1f11e12b08d3cce7a88d2
- https://git.kernel.org/stable/c/88a3e6afaf002250220793df99404977d343db14
- https://git.kernel.org/stable/c/ab90894f33c15b14c1cee6959ab6c8dcb09127f8
- https://git.kernel.org/stable/c/e4fde33107351ec33f1a64188612fbc6ca659284
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html