CVE-2025-21995
📋 TL;DR
This CVE describes a fence reference count leak vulnerability in the Linux kernel's DRM scheduler component. When an entity is being killed and adding a cleanup callback fails, the last_scheduled fence reference isn't properly released, causing a memory leak. This affects systems running vulnerable Linux kernel versions with DRM graphics drivers.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.
Likely Case
Memory leak that gradually consumes kernel resources, potentially leading to performance degradation or system instability over time.
If Mitigated
Minimal impact with proper monitoring and resource limits in place; memory leak would be detected before causing system failure.
🎯 Exploit Status
Exploitation requires triggering specific DRM scheduler conditions; likely requires local access and kernel module interaction.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check kernel git commits: 1135a9431160575466ea9ac37ebd756ecbe35fff, 35399c84dcedd6d31448fb9e1336ef52673f2882, a952f1ab696873be124e31ce5ef964d36bce817f, c76bd3c99293834de7d1dca5de536616d5655e38
Vendor Advisory: https://git.kernel.org/stable/c/1135a9431160575466ea9ac37ebd756ecbe35fff
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable DRM scheduler if not needed
linuxIf graphics hardware isn't required, disable DRM subsystem to remove attack surface
modprobe -r drm_sched
echo 'blacklist drm_sched' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Implement kernel memory monitoring and alerting for unusual consumption patterns
- Restrict local user access and limit kernel module loading capabilities
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if DRM scheduler is loaded: lsmod | grep drm_schedCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or check with distribution's security update verification tools📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Memory allocation failures in kernel logs
- System instability events
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("out of memory" OR "kernel panic" OR "BUG:")