CVE-2025-21812 – A use-after-free vulnerability in the Linux ker... (How to Fix)

Q: What is the severity of CVE-2025-21812?

CVE-2025-21812 has a CVSS score of 7.8 (HIGH). A use-after-free vulnerability in the Linux kernel's AX.25 protocol implementation allows local attackers to potentially escalate privileges or crash the system. The issue occurs due to improper locking in the ax25_setsockopt() function, which can lead to race conditions and memory corruption. This affects systems with AX.25 networking enabled, typically amateur radio systems and some embedded devices.

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's AX.25 protocol implementation allows local attackers to potentially escalate privileges or crash the system. The issue occurs due to improper locking in the ax25_setsockopt() function, which can lead to race conditions and memory corruption. This affects systems with AX.25 networking enabled, typically amateur radio systems and some embedded devices.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not explicitly stated, but references suggest multiple stable branches. Likely affects versions with the vulnerable AX.25 code.

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if AX.25 protocol support is compiled into the kernel and enabled. Many distributions disable AX.25 by default or compile it as a module.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, kernel panic leading to denial of service, or arbitrary code execution in kernel context.

🟠

Likely Case

Kernel crash or denial of service on affected systems, potentially leading to system instability.

🟢

If Mitigated

Minimal impact if AX.25 is disabled or systems are properly patched.

🌐 Internet-Facing: LOW - Requires local access or AX.25 network access, not typically internet-facing.

🏢 Internal Only: MEDIUM - Local attackers on multi-user systems or via AX.25 network could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access or AX.25 network access. Exploitation involves race conditions which can be challenging to reliably trigger.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 2802ed4ced27ebd474828fc67ffd7d66f11e3605, 7705d8a7f2c26c80973c81093db07c6022b2b30e, 8937f5e38a218531dce2a89fae60e3adcc2311e1, 95fc45d1dea8e1253f8ec58abc5befb71553d666, c2531db6de3c95551be58878f859c6a053b7eb2e

Vendor Advisory: https://git.kernel.org/stable/c/2802ed4ced27ebd474828fc67ffd7d66f11e3605

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable AX.25 module

Linux

Remove or blacklist AX.25 kernel module if not needed

echo 'blacklist ax25' >> /etc/modprobe.d/blacklist.conf
rmmod ax25

🧯 If You Can't Patch

Disable AX.25 protocol support via kernel configuration or module blacklisting
Restrict local user access and monitor for suspicious AX.25 socket operations

🔍 How to Verify

Check if Vulnerable:

Check if AX.25 module is loaded: lsmod | grep ax25. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to include the fix commits. Check that AX.25 module is either not loaded or is from patched kernel.

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages related to AX.25
System crashes or panics after AX.25 operations
dmesg warnings about lockdep or use-after-free

Network Indicators:

Unusual AX.25 socket operations from untrusted sources

SIEM Query:

Process monitoring for setsockopt calls with AX.25 sockets from non-privileged users

📊 Metadata

CVE ID: CVE-2025-21812

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.04% exploit probability (10.3th percentile)

Published: February 27, 2025

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21812, you might also want to check these: