CVE-2025-21970

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's mlx5 bridge driver can cause a kernel crash when removing a Link Aggregation Group (LAG) device from a bridge. This affects systems using Mellanox network adapters with LAG/bonding configurations. The crash occurs due to improper LAG state checking when handling bridge events.

💻 Affected Systems

Products:
  • Linux kernel with mlx5_core driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems with Mellanox network adapters using mlx5 drivers with LAG/bonding configured and bridge networking.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially disrupting network connectivity and requiring system reboot.

🟠

Likely Case

System crash when removing LAG devices from bridges, causing temporary network disruption until system is restarted.

🟢

If Mitigated

No impact if systems don't use mlx5 drivers with LAG/bonding configurations or have applied the patch.

🌐 Internet-Facing: LOW - Requires local access to network configuration and specific hardware/driver setup.
🏢 Internal Only: MEDIUM - Can be triggered by administrators during network reconfiguration or by malicious insiders with network configuration privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to modify network bridge/LAG configurations. Triggered during normal network reconfiguration operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 4b8eeed4fb105770ce6dc84a2c6ef953c7b71cbb, 5dd8bf6ab1d6db40f5d09603759fa88caec19e7f, 86ff45f5f61ae1d0d17f0f6d8797b052eacfd8f1, bd7e3a42800743a7748c83243e4cafc1b995d4c4, f7bf259a04271165ae667ad21cfc60c6413f25ca

Vendor Advisory: https://git.kernel.org/stable/c/4b8eeed4fb105770ce6dc84a2c6ef953c7b71cbb

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Check distribution-specific security advisories.
3. Reboot the system to load the patched kernel.

🔧 Temporary Workarounds

Disable LAG/bonding on mlx5 interfaces (linux)

Prevent the vulnerability by avoiding LAG configurations on Mellanox network interfaces:

# Remove bond interfaces (bond0 is an example name):
ip link del bond0
# Then configure the member interfaces without bonding

Avoid bridge configuration changes while LAG is active (linux)

Minimize risk by avoiding bridge modifications while LAG devices are configured.

🧯 If You Can't Patch

  • Restrict network configuration privileges to trusted administrators only
  • Monitor for kernel panic/crash events and have recovery procedures ready

🔍 How to Verify

Check if Vulnerable:

Check whether the mlx5_core module is loaded and whether any bond (LAG) interfaces exist: lsmod | grep mlx5; ip link show type bond

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel includes the fix commits: uname -r, then check your distribution's patch notes for the backport.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • Stack trace mentioning mlx5_esw_bridge_update_work
  • Bridge or network configuration change logs

Network Indicators:

  • Sudden loss of network connectivity on affected interfaces
  • Bridge interface state changes

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "mlx5_esw_bridge")
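The following script turns the verification steps and the log/stack-trace indicators above into checks that can be run offline or against a live host. It is an added example, not part of the advisory or the kernel tree; the lsmod, ip and dmesg samples in it are constructed, and check_host is an assumed helper name.

```shell
#!/bin/sh
# Added example (not from the advisory or the kernel tree): exposure and crash
# checks for CVE-2025-21970 built from the page's verification and detection
# indicators. Each function reads command or log output from stdin, so it works
# on live output or on the constructed samples below.

# True when mlx5_core appears in `lsmod` output.
mlx5_loaded() { grep -q '^mlx5_core[[:space:]]'; }

# Prints "<bond> <bridge>" for each bond in `ip -o link show type bond` output
# that is enslaved to a bridge ("master <bridge>"): the LAG-in-bridge topology
# whose teardown triggers the NULL dereference. True if any were found.
bonds_in_bridge() {
  awk '{ for (i = 3; i < NF; i++)
           if ($i == "master") { sub(/:$/, "", $2); print $2, $(i + 1); found = 1 } }
       END { exit !found }'
}

# True when kernel log lines show an Oops/panic/NULL dereference AND a frame in
# the mlx5 bridge code (the page's stack-trace indicator).
mlx5_bridge_crash() {
  awk '/NULL pointer dereference|Oops|panic/ { bug = 1 }
       /mlx5_esw_bridge/                     { drv = 1 }
       END { exit !(bug && drv) }'
}

# Live check on a host (assumed helper; run as root with --live).
check_host() {
  lsmod | mlx5_loaded || { echo "mlx5_core not loaded: not exposed"; return 1; }
  ip -o link show type bond | bonds_in_bridge ||
    { echo "no bond under a bridge: trigger topology absent"; return 1; }
  echo "mlx5 LAG under a bridge on kernel $(uname -r): patch and reboot"
  dmesg 2>/dev/null | mlx5_bridge_crash && echo "WARNING: mlx5 bridge crash already logged" || true
}

# Constructed samples (not real captures) so the functions can be tried offline.
SAMPLE_LSMOD='Module                  Size  Used by
mlx5_core            2048000  1 mlx5_ib'
SAMPLE_IPLINK='5: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP mode DEFAULT group default qlen 1000
6: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000'
SAMPLE_DMESG='[  123.456] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  123.457] Call Trace:
[  123.458]  mlx5_esw_bridge_update_work+0x1a/0x40 [mlx5_core]
[  123.459]  process_one_work+0x1f5/0x3c0'

if [ "${1:-}" = "--live" ]; then check_host; else
  printf '%s\n' "$SAMPLE_IPLINK" | bonds_in_bridge   # demo on the sample: bond0 br0
fi
```

Only bonds that are themselves bridge ports are reported, since that is the topology the advisory's trigger (removing a LAG device from a bridge) requires.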
