CVE-2025-21894
📋 TL;DR
A vulnerability in the Linux kernel's ENETC network driver allows Virtual Functions (VFs) to attempt accessing hardware registers they cannot reach, causing a kernel crash when using one-step timestamping. This affects systems using ENETC network interfaces with SR-IOV virtualization enabled. The vulnerability is triggered when VFs are configured for HWTSTAMP_TX_ONESTEP_SYNC timestamping mode.
💻 Affected Systems
- Linux kernel with ENETC driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting network connectivity and causing system downtime.
Likely Case
System crash when VFs attempt to use one-step timestamping functionality, resulting in temporary service interruption until system reboot.
If Mitigated
No impact if VFs are not configured for HWTSTAMP_TX_ONESTEP_SYNC timestamping or if proper access controls prevent VF register access.
🎯 Exploit Status
Exploitation requires ability to configure VF network interfaces with specific timestamping settings, typically requiring privileged access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 1748531839298ab7be682155f6cd98ae04773e6a, 3d9634211121700568d0e3635ebdd5df06d20440, 8c393efd7420cc994864d059fcc6219bfd7cb840, a562d0c4a893eae3ea51d512c4d90ab858a6b7ec
Vendor Advisory: https://git.kernel.org/stable/c/1748531839298ab7be682155f6cd98ae04773e6a
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify driver no longer attempts to access restricted registers from VFs.
🔧 Temporary Workarounds
Disable one-step timestamping on VFs
linuxPrevent VFs from using HWTSTAMP_TX_ONESTEP_SYNC timestamping mode
ethtool -T <interface> | grep 'one-step'
# If enabled, disable via appropriate configuration
Restrict VF timestamping capabilities
linuxConfigure system to prevent VFs from accessing advanced timestamping features
# Configure SR-IOV to limit VF capabilities
# Check with: lspci -vvv | grep -A 20 ENETC
🧯 If You Can't Patch
- Disable HWTSTAMP_TX_ONESTEP_SYNC timestamping on all ENETC VF interfaces
- Monitor for kernel crash logs related to enetc_port_mac_wr or enetc_start_xmit functions
🔍 How to Verify
Check if Vulnerable:
Check if system uses ENETC interfaces with SR-IOV VFs and if kernel version predates fix commits: uname -r && grep ENETC /proc/modulesCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and test VF timestamping configuration without causing crashes📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning enetc_port_mac_wr
- Page fault errors at address 00000000000080c0
- Call traces including enetc_start_xmit
Network Indicators:
- Sudden loss of network connectivity on ENETC interfaces
- VF network interface failures
SIEM Query:
event_source="kernel" AND (message:"enetc_port_mac_wr" OR message:"Unable to handle kernel paging request" AND address:"80c0")