Login Sign Up

CVE-2025-21997

5.5 MEDIUM

📋 TL;DR

This CVE describes an integer overflow vulnerability in the Linux kernel's XDP socket (xsk) subsystem. When exploited, it can cause different XDP buffers to point to the same memory area, potentially leading to memory corruption or information disclosure. This affects systems running vulnerable Linux kernel versions with XDP functionality enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly stated in CVE, but patches available in stable kernel trees
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires XDP (eXpress Data Path) functionality to be enabled and used

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Memory corruption leading to kernel panic, privilege escalation, or arbitrary code execution in kernel context

🟠

Likely Case

System instability, crashes, or information disclosure through memory overlap

🟢

If Mitigated

Limited impact if XDP is disabled or proper memory isolation controls are in place

🌐 Internet-Facing: MEDIUM - Requires XDP functionality and specific network conditions
🏢 Internal Only: MEDIUM - Same requirements as internet-facing, but internal systems may have XDP enabled for performance

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires XDP functionality and specific conditions to trigger the integer overflow

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits referenced in CVE)

Vendor Advisory: https://git.kernel.org/stable/c/130290f44bce0eead2b827302109afc3fe189ddd

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from official kernel.org or distribution vendor
2. Reboot system to load new kernel
3. Verify kernel version after reboot

🔧 Temporary Workarounds

Disable XDP functionality

linux

Disable XDP sockets feature if not required

# Requires kernel reconfiguration or module blacklisting if XDP is modular

🧯 If You Can't Patch

  • Disable XDP functionality if not essential for operations
  • Implement strict network controls and monitoring for systems using XDP

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if XDP functionality is enabled

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to include the patched commits

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Memory corruption warnings in dmesg
  • XDP-related errors

Network Indicators:

  • Abnormal XDP traffic patterns

SIEM Query:

Search for kernel panic events or memory corruption warnings in system logs

📊 Metadata

CVE ID: CVE-2025-21997
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-190
EPSS Score: 0.09% exploit probability (25.8th percentile)
Published: April 3, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21997, you might also want to check these:

CVE-2025-64721 10.0

This vulnerability in Sandboxie allows sandboxed processes to exploit an integer overflow in the Sbi...

Same vulnerability type (CWE-190)
CVE-2025-52581 9.8

An integer overflow vulnerability in libbiosig's GDF file parsing allows arbitrary code execution wh...

Same vulnerability type (CWE-190)
CVE-2025-53518 9.8

An integer overflow vulnerability in libbiosig's ABF file parser allows arbitrary code execution whe...

Same vulnerability type (CWE-190)