Login Sign Up

CVE-2025-21922

5.5 MEDIUM

📋 TL;DR

A memory initialization vulnerability in the Linux kernel's PPP driver allows uninitialized data to be read by carefully crafted BPF programs. This could potentially lead to information disclosure or kernel instability. Systems using PPP connections with custom BPF filters are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches available for multiple stable branches
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems using PPP connections with custom BPF socket filters that read from offset 0

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure of kernel memory contents or kernel crash leading to denial of service

🟠

Likely Case

Information disclosure of limited uninitialized kernel memory

🟢

If Mitigated

No impact as normal BPF programs don't read the uninitialized data

🌐 Internet-Facing: LOW - Requires PPP connection with custom BPF filters
🏢 Internal Only: LOW - Requires PPP connection with custom BPF filters

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires crafting specialized BPF programs and access to PPP interface

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 1eacd47636a9de5bee25d9d5962dc538a82d9f0b, 2f591cb158807bdcf424f66f1fbfa6e4e50f3757, 3de809a768464528762757e433cd50de35bcb3c1, 4c2d14c40a68678d885eab4008a0129646805bae, 4e2191b0fd0c064d37b0db67396216f2d4787e0f

Vendor Advisory: https://git.kernel.org/stable/c/1eacd47636a9de5bee25d9d5962dc538a82d9f0b

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable PPP module

linux

Remove PPP kernel module if not needed

sudo modprobe -r ppp_generic
sudo modprobe -r pppoe
sudo modprobe -r pppox

Block custom BPF programs on PPP interfaces

linux

Restrict BPF program loading on PPP sockets

sudo sysctl -w kernel.bpf_disabled=1

🧯 If You Can't Patch

  • Disable PPP functionality if not required
  • Implement network segmentation to isolate PPP interfaces

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if PPP module is loaded: lsmod | grep ppp

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check for presence of fix commits in kernel source

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KMSAN warning messages in dmesg

Network Indicators:

  • Unusual PPP traffic patterns
  • BPF program loading on PPP sockets

SIEM Query:

Search for kernel panic events or PPP interface errors

📊 Metadata

CVE ID: CVE-2025-21922
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-908
EPSS Score: 0.09% exploit probability (24.8th percentile)
Published: April 1, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21922, you might also want to check these:

CVE-2021-26305 9.8

CVE-2021-26305 is a deserialization vulnerability in the cdr crate for Rust that allows a malicious ...

Same vulnerability type (CWE-908)
CVE-2020-36443 9.8

This vulnerability in libp2p-deflate crate for Rust allows reading uninitialized memory due to passi...

Same vulnerability type (CWE-908)
CVE-2020-36452 9.8

This vulnerability in the array-tools Rust crate allows attackers to cause memory corruption by expl...

Same vulnerability type (CWE-908)