CVE-2025-21944

5.5 MEDIUM

📋 TL;DR

A race condition vulnerability in the Linux kernel's ksmbd SMB server implementation could cause a kernel panic (bug-on trap) when handling SMB2 lock operations with multiple locks. This affects systems running vulnerable Linux kernel versions with ksmbd enabled, potentially causing denial of service.

💻 Affected Systems

Products:
  • Linux kernel with ksmbd module
Versions: Linux kernel versions with vulnerable ksmbd implementation (specific versions not specified in CVE, but patches available in stable trees)
Operating Systems: Linux distributions with ksmbd enabled
Default Config Vulnerable: ✅ No
Notes: ksmbd is not enabled by default in most Linux distributions. Only systems with ksmbd explicitly loaded and configured are vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot the system.

🟠 Likely Case: System crash or instability when SMB clients perform specific lock operations on files served by ksmbd, resulting in temporary service disruption.

🟢 If Mitigated: Minimal impact if ksmbd is not enabled or if affected systems are isolated from untrusted SMB clients.

🌐 Internet-Facing: MEDIUM - ksmbd servers exposed to internet could be crashed by malicious SMB clients, but requires SMB access and specific conditions.
🏢 Internal Only: MEDIUM - Internal attackers or misconfigured clients could crash ksmbd servers, disrupting file sharing services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires SMB client access to trigger specific lock operations. The vulnerability is a race condition, making reliable exploitation more complex.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in Linux kernel stable trees (commits referenced in CVE)

Vendor Advisory: https://git.kernel.org/stable/c/11e0e74e14f1832a95092f2c98ed3b99f57797ee

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fixes from stable tree.
2. Rebuild kernel if compiling from source.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable ksmbd module (Linux)

Unload the ksmbd kernel module to prevent exploitation:

sudo rmmod ksmbd

Block SMB access (Linux)

Use firewall rules to restrict SMB access to trusted clients only:

sudo iptables -A INPUT -p tcp --dport 445 -s TRUSTED_NETWORK -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 445 -j DROP

🧯 If You Can't Patch

  • Disable ksmbd service and use alternative SMB implementations like Samba
  • Implement network segmentation to isolate ksmbd servers from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check whether the ksmbd module is loaded: lsmod | grep ksmbd. If it is loaded and the kernel version is unpatched, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or check that ksmbd module version matches patched release.
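
The loaded-module check above can be combined with a check for a listening SMB port. The following is an added example, not part of the original advisory; the function names are hypothetical, and a listener on port 445 may also belong to Samba, so the result indicates exposure rather than confirming that ksmbd owns the socket.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Inputs are file paths so the
# logic can also be run against copies collected from another host.

# Succeeds if ksmbd is listed in a /proc/modules-format file.
# Caveat: a ksmbd built into the kernel image is not listed there.
ksmbd_loaded() {
    awk '$1 == "ksmbd" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# Succeeds if any given /proc/net/tcp or /proc/net/tcp6 format file has a
# socket in LISTEN state (st = 0A) whose local port is 445 (hex 01BD).
smb_listener_present() {
    [ "$#" -gt 0 ] || set -- /proc/net/tcp /proc/net/tcp6
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk 'FNR > 1 {
                 n = split($2, addr, ":")          # IP:PORT, both in hex
                 if (toupper(addr[n]) == "01BD" && toupper($4) == "0A") found = 1
             }
             END { exit !found }' "$f" && return 0
    done
    return 1
}

# Prints not-loaded, loaded-no-listener or loaded-listening.
# $1 = modules file (default /proc/modules); remaining args = tcp tables.
ksmbd_exposure() {
    modules_file="${1:-/proc/modules}"
    if [ "$#" -gt 0 ]; then shift; fi
    if ! ksmbd_loaded "$modules_file"; then
        echo "not-loaded"
    elif smb_listener_present "$@"; then
        echo "loaded-listening"
    else
        echo "loaded-no-listener"
    fi
}
```

Calling ksmbd_exposure with no arguments evaluates the live /proc files on the local host.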

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • ksmbd crash logs
  • Unexpected system reboots

Network Indicators:

  • Unusual SMB lock request patterns from single clients
  • Multiple failed SMB connections followed by service disruption

SIEM Query:

source="kernel" AND ("panic" OR "Oops") AND process="ksmbd"
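
Where no SIEM is available, the log indicators above can be checked directly against a kernel log. The following is an added example, not part of the original advisory: the function names are hypothetical, the sample log is constructed, and it assumes the usual kernel stack-trace convention of tagging module frames with the module name in square brackets.

```shell
#!/bin/sh
# Added example; names are hypothetical and the log below is constructed.

# Prints the first header line of each kernel crash report (BUG, Oops or
# panic) whose following lines, within `window` lines, contain a stack
# frame tagged [ksmbd]. Reads the file in $1, or stdin when omitted.
ksmbd_crash_events() {
    awk -v window=40 '
        /kernel BUG at|Oops:|Kernel panic/ {
            if (left == 0) hdr = $0   # keep the first header of a report
            left = window
            next
        }
        left > 0 {
            left--
            if (index($0, "[ksmbd]")) { print hdr; left = 0 }
        }' "${1:--}"
}

# Constructed kernel log: one crash with a ksmbd frame, one without.
sample_kernel_log() {
    cat <<'EOF'
Mar  1 10:00:01 host kernel: kernel BUG at fs/example.c:123!
Mar  1 10:00:01 host kernel: Oops: invalid opcode: 0000 [#1] SMP
Mar  1 10:00:01 host kernel: Call Trace:
Mar  1 10:00:01 host kernel:  example_lock_fn+0x1a/0x40 [ksmbd]
Mar  1 10:00:01 host kernel:  process_one_work+0x1e2/0x3b0
Mar  2 08:15:09 host kernel: Oops: general protection fault [#1] SMP
Mar  2 08:15:09 host kernel: Call Trace:
Mar  2 08:15:09 host kernel:  example_rx+0x22/0x90 [examplenic]
EOF
}
```

Run it as ksmbd_crash_events /var/log/kern.log, or pipe dmesg output into it; on the constructed sample it reports only the first crash.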
