CVE-2025-21980 – A NULL pointer dereference vulnerability in the... (How to Fix)

Q: What is the severity of CVE-2025-21980?

CVE-2025-21980 has a CVSS score of 5.5 (MEDIUM). A NULL pointer dereference vulnerability in the Linux kernel's GRED scheduler could cause kernel crashes when memory allocation fails. This affects Linux systems using the GRED scheduler for traffic control. Attackers could potentially trigger this condition to cause denial of service.

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's GRED scheduler could cause kernel crashes when memory allocation fails. This affects Linux systems using the GRED scheduler for traffic control. Attackers could potentially trigger this condition to cause denial of service.

💻 Affected Systems

Products:

Linux Kernel

Versions: Specific affected versions not explicitly stated in CVE, but patches are available in stable kernel trees.

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only affects systems using the GRED (Generic Random Early Detection) scheduler for traffic control. Most systems don't use GRED by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.

🟠

Likely Case

Local denial of service affecting the specific system where the vulnerability is triggered.

🟢

If Mitigated

Minimal impact if systems have proper memory management and the GRED scheduler is not in use.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger specific kernel conditions.

🏢 Internal Only: MEDIUM - Internal users with local access could potentially trigger the condition.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires triggering specific memory allocation failure conditions in the kernel, which is difficult to reliably achieve.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits referenced in CVE)

Vendor Advisory: https://git.kernel.org/stable/c/0f0a152957d64ce45b4c27c687e7d087e8f45079

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution's repositories. 2. Rebuild kernel if using custom kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable GRED scheduler

linux

Remove or disable GRED traffic control configurations if not needed

tc qdisc del dev <interface> root
Remove GRED configurations from /etc/network/interfaces or network scripts

🧯 If You Can't Patch

Ensure GRED scheduler is not configured or in use on the system
Implement strict access controls to prevent local users from manipulating network traffic control settings

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if GRED is configured: 'uname -r' and 'tc qdisc show | grep gred'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to patched version and check that GRED configurations work without crashes

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in /var/log/kern.log or dmesg
System crash/reboot logs

Network Indicators:

Sudden loss of network traffic control functionality

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "NULL pointer dereference") AND "gred"

📊 Metadata

CVE ID: CVE-2025-21980

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.09% exploit probability (25.8th percentile)

Published: April 1, 2025

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21980, you might also want to check these: