CVE-2025-21799
📋 TL;DR
A Linux kernel vulnerability in the TI AM65x CPSW Ethernet driver allows improper IRQ handling when changing network channel configurations. This can cause kernel warnings and potential system instability when users modify network channel settings. Systems using affected Linux kernel versions with the TI AM65x CPSW Ethernet driver are vulnerable.
💻 Affected Systems
- Linux kernel with TI AM65x CPSW Ethernet driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, potentially disrupting network connectivity and system availability.
Likely Case
Kernel warning messages and system instability when users attempt to modify network channel configurations via .set_channels.
If Mitigated
Minor system logs showing kernel warnings without significant operational impact.
🎯 Exploit Status
Requires privileged access to trigger via .set_channels interface. Not easily weaponized for remote exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions with fixes from stable commits: 321990fdf4f1, 4395a44acb15, 8448c87b3af6, 88fd5db8c007, 8aae91ae1c65
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load patched kernel. 3. Verify driver functionality after reboot.
🔧 Temporary Workarounds
Restrict network channel configuration
linuxPrevent users from modifying network channel configurations via .set_channels interface
echo 0 > /sys/class/net/<interface>/channels/tx_max
chmod 400 /sys/class/net/<interface>/channels/*
🧯 If You Can't Patch
- Restrict user access to network configuration tools and sysfs interfaces
- Monitor system logs for kernel warnings related to IRQ handling or CPSW driver
🔍 How to Verify
Check if Vulnerable:
Check if system uses TI AM65x CPSW Ethernet driver: 'lsmod | grep am65_cpsw' and check kernel version against affected versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: 'uname -r' and check git log for fix commits📡 Detection & Monitoring
Log Indicators:
- Kernel warnings about invalid IRQ freeing
- CPSW driver error messages
- System instability after network configuration changes
Network Indicators:
- Network interface errors after channel configuration changes
SIEM Query:
source="kernel" AND ("am65_cpsw" OR "IRQ" AND "invalid" OR "freeing")🔗 References
- https://git.kernel.org/stable/c/321990fdf4f1bb64e818c7140688bf33d129e48d
- https://git.kernel.org/stable/c/4395a44acb15850e492dd1de9ec4b6479d96bc80
- https://git.kernel.org/stable/c/8448c87b3af68bebca21e3136913f7f77e363515
- https://git.kernel.org/stable/c/88fd5db8c0073bd91d18391feb5741aeb0a2b475
- https://git.kernel.org/stable/c/8aae91ae1c65782a169ec070e023d4d269e5d6e6
- https://git.kernel.org/stable/c/aea5cca681d268f794fa2385f9ec26a5cce025cd
- https://git.kernel.org/stable/c/ed8c0300f302338c36edb06bca99051e5be6fb2f
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
