CVE-2025-21972

5.5 MEDIUM

📋 TL;DR

A memory management vulnerability in the Linux kernel's MCTP (Management Component Transport Protocol) subsystem allows incorrect packet reassembly and memory leaks when packets are cloned. This affects systems using MCTP-over-USB drivers or other configurations where SKB cloning occurs. The vulnerability can lead to system instability and potential denial of service.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with vulnerable MCTP implementation before the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when MCTP is enabled and used, particularly with MCTP-over-USB drivers. Most systems don't use MCTP by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash due to memory corruption from circular references in packet fragments, leading to denial of service.

🟠

Likely Case

Memory leaks causing gradual system performance degradation and potential instability in MCTP communication.

🟢

If Mitigated

Minimal impact if MCTP is not used or if affected drivers are disabled.

🌐 Internet-Facing: LOW - MCTP is typically used for internal device management, not internet-facing services.
🏢 Internal Only: MEDIUM - Affects systems using MCTP for internal device management, particularly with USB transport.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted MCTP packets to trigger the cloning/reassembly issue. The kunit test demonstrates the vulnerability but isn't a weaponized exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 5c47d5bfa7b096cf8890afac32141c578583f8e0, f44fff3d3c6cd67b6f348b821d73c4d6888c7a6e, or f5d83cf0eeb90fade4d5c4d17d24b8bee9ceeecc

Vendor Advisory: https://git.kernel.org/stable/c/5c47d5bfa7b096cf8890afac32141c578583f8e0

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable MCTP subsystem

linux

Disable the MCTP kernel module to prevent exploitation

modprobe -r mctp
echo 'blacklist mctp' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Disable MCTP functionality if not required for system operation
  • Implement network segmentation to isolate MCTP traffic and limit exposure

🔍 How to Verify

Check if Vulnerable:

Check whether the MCTP module is loaded:

lsmod | grep mctp

If it is loaded and the kernel version is unpatched, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and MCTP module functions correctly after update.
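
The module check above, combined with a kernel build-option check into one triage script. This is an added example, not part of the advisory; it assumes the kernel's CONFIG_MCTP build option and a readable kernel config file (commonly /boot/config-$(uname -r), which varies by distribution), and the sample inputs in demo() are constructed.

```shell
#!/bin/sh
# Added example, not from the advisory. Classifies MCTP exposure from saved
# `lsmod` output ($1) and a kernel config file ($2). CONFIG_MCTP is the
# kernel build option for MCTP; sample data in demo() is constructed.

# Names of loaded modules containing "mctp" (name column, header skipped).
mctp_modules() {
    awk 'NR > 1 && $1 ~ /mctp/ { print $1 }' "$1"
}

# State of CONFIG_MCTP in a kernel config: y, m, or n (unset or absent).
mctp_config_state() {
    state=$(sed -n 's/^CONFIG_MCTP=\([ym]\)$/\1/p' "$1" | head -n 1)
    echo "${state:-n}"
}

mctp_exposure() {
    mods=$(mctp_modules "$1")
    cfg=$(mctp_config_state "$2")
    if [ "$cfg" = y ]; then
        echo builtin    # compiled in: modprobe -r and blacklist cannot remove it
    elif [ -n "$mods" ]; then
        echo loaded     # MCTP module code is active now
    elif [ "$cfg" = m ]; then
        echo loadable   # not loaded; a blacklist entry blocks alias-based autoloading
    else
        echo absent     # no MCTP support found in this kernel
    fi
}

demo() {
    dir=$(mktemp -d)
    # Constructed lsmod output with one MCTP transport module loaded.
    printf '%s\n' 'Module                  Size  Used by' \
        'mctp_serial            16384  0' \
        'usbcore               425984  1' > "$dir/lsmod"
    # Constructed kernel config with MCTP compiled in.
    printf '%s\n' 'CONFIG_NET=y' 'CONFIG_MCTP=y' > "$dir/config"
    mctp_exposure "$dir/lsmod" "$dir/config"
    rm -rf "$dir"
}

demo   # prints: builtin
```

On a live host, save `lsmod` output to a file and pass it with the running kernel's config file to mctp_exposure. A result of builtin means the module-removal workaround does not apply and only a patched kernel addresses the issue.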

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to MCTP or skb_shared_info
  • Memory leak warnings in kernel logs

Network Indicators:

  • Unusual MCTP packet patterns or high volume of MCTP traffic

SIEM Query:

source="kernel" AND ("mctp" OR "skb_shared_info" OR "memory leak")
