CVE-2025-21977
📋 TL;DR
A race condition in the Linux kernel's hyperv_fb driver causes system hangs during kdump kernel execution on Hyper-V Gen 2 virtual machines. When the framebuffer moves to a different memory address due to driver conflicts, the kdump kernel attempts to access the wrong address, triggering Hyper-V throttling that makes the system appear hung. This affects Linux systems running as Gen 2 Hyper-V VMs with kdump enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Complete system unavailability during crash recovery, preventing collection of crash dumps and potentially extending downtime during critical failure scenarios.
Likely Case
Kdump kernel hangs or runs extremely slowly when triggered, making crash dump collection unreliable on affected Hyper-V Gen 2 VMs.
If Mitigated
Kdump functions normally with reliable crash dump collection when proper kernel patches or workarounds are applied.
🎯 Exploit Status
This is a reliability bug, not a security vulnerability in the traditional sense. It cannot be exploited for privilege escalation or remote access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernels with commits 2924802d35e0, 304386373007, or cfffe46a994a
Vendor Advisory: https://git.kernel.org/stable/c/2924802d35e00a36b1503a4e786f1926b2fdc1d0
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commits. 2. Check with your distribution for backported patches. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Use kexec_load instead of kexec_file_load
linuxForce kdump to use kexec_load() system call instead of kexec_file_load() to avoid the framebuffer address confusion
Edit /etc/sysconfig/kdump or kdump configuration file
Add or set: KEXEC_ARGS="--load"
Restart kdump service: systemctl restart kdump
Disable hyperv_fb driver
linuxPrevent hyperv_fb from loading to avoid the framebuffer movement issue
echo "blacklist hyperv_fb" > /etc/modprobe.d/blacklist-hyperv_fb.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Configure kdump to use kexec_load() instead of kexec_file_load()
- Disable kdump functionality if not required for your environment
🔍 How to Verify
Check if Vulnerable:
Check if running on Hyper-V Gen 2 VM with: dmesg | grep -i hyperv && cat /sys/firmware/efi/fw_platform_sizeCheck Version:
uname -rVerify Fix Applied:
Check kernel version contains fix commits: uname -r && zgrep -E '(2924802d35e0|304386373007|cfffe46a994a)' /proc/config.gz📡 Detection & Monitoring
Log Indicators:
- Kernel panic followed by kdump timeout messages
- Hyper-V throttling messages in dmesg
- Failed kdump collection in /var/log/messages
Network Indicators:
- None - local issue only
SIEM Query:
source="kernel" AND ("kdump failed" OR "hyperv_fb" OR "efifb" AND "hang")