CVE-2025-21950

7.1 HIGH

📋 TL;DR

This CVE describes an information disclosure vulnerability in the Linux kernel's ACRN hypervisor subsystem. The vulnerability allows uninitialized kernel memory to be leaked to user space through the pmcmd_ioctl function, potentially exposing sensitive data. Systems running affected Linux kernel versions with ACRN hypervisor support are vulnerable.
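The bug class described above, as an added user-space model (not kernel code, and not taken from the kernel patch): a handler copies a whole reply buffer out after only part of it was written, shown with a non-zeroing allocation and with a zeroing one (what kzalloc() does in kernel code). The names toy_kmalloc, toy_kzalloc and handler, the one-slot pool, and the partial write of 16 bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model, not kernel code. A one-slot pool stands in for the
 * kernel heap so a new allocation reuses memory that still holds old data. */
#define SLOT 64
static uint8_t pool[SLOT];

static void *toy_kmalloc(size_t n) { return n <= SLOT ? pool : NULL; }

static void *toy_kzalloc(size_t n)
{
    void *p = toy_kmalloc(n);
    if (p)
        memset(p, 0, n);            /* zero before anyone can read it */
    return p;
}

/* Models an ioctl handler: allocate a reply buffer, let a producer fill only
 * the first `written` bytes, then copy the WHOLE buffer to the caller.
 * Returns how many stale bytes from the previous owner reached `out`. */
static size_t handler(void *(*alloc)(size_t), size_t written, uint8_t out[SLOT])
{
    size_t leaked = 0;
    uint8_t *buf;

    if (written > SLOT)
        written = SLOT;
    memset(pool, 'S', SLOT);        /* constructed stale data in the slot */
    buf = alloc(SLOT);
    if (!buf)
        return 0;
    memset(buf, 0xAA, written);     /* producer writes a partial result */
    memcpy(out, buf, SLOT);         /* stands in for copy_to_user() */
    for (size_t i = written; i < SLOT; i++)
        leaked += (out[i] == 'S');
    return leaked;
}

int main(void)
{
    uint8_t out[SLOT];

    printf("non-zeroing alloc: %zu stale bytes copied out\n", handler(toy_kmalloc, 16, out));
    printf("zeroing alloc:     %zu stale bytes copied out\n", handler(toy_kzalloc, 16, out));
    return 0;
}
```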

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions not specified in CVE description; check kernel commit history for exact ranges
Operating Systems: Linux distributions with ACRN hypervisor support
Default Config Vulnerable: ⚠️ Yes
Notes: Only systems with ACRN hypervisor functionality enabled are affected. Most standard Linux distributions do not enable ACRN by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Sensitive kernel memory contents including passwords, encryption keys, or other privileged data could be exposed to unprivileged users.

🟠 Likely Case: Limited information disclosure of kernel memory contents, potentially revealing system state or configuration details.

🟢 If Mitigated: No data leakage occurs; user-space receives properly initialized buffers.

🌐 Internet-Facing: LOW - This requires local access to the system and specific ioctl calls.
🏢 Internal Only: MEDIUM - Local users or processes could exploit this to gather sensitive system information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to call the vulnerable ioctl. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 1b8f7a2caa7f9cdfd135e3f78eb9d7e36fb95083, 4e15cf870d2c748e45d45ffc4d5b1dc1b7d50120, 524f29d78c9bdeb49f31f5b0376a07d2fc5cf563, 819cec1dc47cdeac8f5dd6ba81c1dbee2a68c3bb, a4c21b878f0e237f45209a324c903ea7fb05247d

Vendor Advisory: https://git.kernel.org/stable/c/1b8f7a2caa7f9cdfd135e3f78eb9d7e36fb95083

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Rebuild kernel if compiling from source.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable ACRN hypervisor module

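Platform: Linux

Prevent the vulnerable ACRN hypervisor module from loading automatically, then unload it from the running kernel. Run both commands as root. rmmod fails while the module is in use, and neither command has any effect if the driver is built into the kernel rather than built as a module.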

echo 'blacklist acrn_hsm' >> /etc/modprobe.d/blacklist-acrn.conf
rmmod acrn_hsm

🧯 If You Can't Patch

  • Restrict access to /dev/acrn_hsm device file to trusted users only
  • Implement strict access controls and monitoring for users with local system access

🔍 How to Verify

Check if Vulnerable:

Check if ACRN hypervisor module is loaded: lsmod | grep acrn_hsm

Check Version:

uname -r

Verify Fix Applied:

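Check that the kernel includes one of the fix commits. Grepping the source files for a commit hash does not match, because the hash is not stored in the sources; if /usr/src/linux is a git checkout of the kernel you run, test ancestry instead: git -C /usr/src/linux merge-base --is-ancestor 1b8f7a2caa7f9cdfd135e3f78eb9d7e36fb95083 HEAD && echo fixed. Repeat with the other commit IDs listed under Official Fix if the first is not found. For a distribution kernel, check the package changelog for CVE-2025-21950.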

📡 Detection & Monitoring

Log Indicators:

  • Unusual ioctl calls to /dev/acrn_hsm device
  • Failed attempts to access ACRN hypervisor functionality

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

process.name='acrn_hsm' AND ioctl_call='pmcmd'
