CVE-2025-22060
📋 TL;DR
A race condition vulnerability in the Linux kernel's Marvell PP2 network driver allows concurrent modifications to parser TCAM/SRAM memory, potentially corrupting network classification rules. This affects systems using the mvpp2 driver on multi-core processors. The vulnerability can cause the classifier to drop legitimate network traffic.
💻 Affected Systems
- Linux kernel with Marvell PP2 network driver (mvpp2)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Network traffic disruption causing denial of service for affected network interfaces, potentially impacting critical network services.
Likely Case
Intermittent network packet drops on interfaces using the mvpp2 driver, leading to degraded network performance.
If Mitigated
Minimal impact with proper kernel patching and system isolation.
🎯 Exploit Status
Exploitation requires local access to trigger concurrent mvpp2_set_rx_mode() calls. No remote exploitation vector identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions containing commits: 46c1e23e34c9d1eaadf37f88216d9d8ce0d0bcee, 5b0ae1723a7d9574ae1aee7d9cf9757a30069865, 96844075226b49af25a69a1d084b648ec2d9b08d, b3f48a41a00d6d8d9c6fe09ae47dd21c8c1c8b03, e3711163d14d02af9005e4cdad30899c565f13fb
Vendor Advisory: https://git.kernel.org/stable/c/46c1e23e34c9d1eaadf37f88216d9d8ce0d0bcee
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify mvpp2 driver is functioning correctly post-update.
🔧 Temporary Workarounds
Disable mvpp2 driver
Linux: Remove or blacklist the vulnerable driver if not required
echo 'blacklist mvpp2' >> /etc/modprobe.d/blacklist.conf
rmmod mvpp2
CPU affinity isolation
Linux: Isolate mvpp2 driver to specific CPU cores to reduce concurrency
taskset -c 0-1 /path/to/network_service
🧯 If You Can't Patch
- Isolate affected systems from critical network paths
- Implement network monitoring for rx_classifier_drops counter increases
🔍 How to Verify
Check if Vulnerable:
Check whether the mvpp2 driver is loaded (lsmod | grep mvpp2) and compare the kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits and monitor rx_classifier_drops counter: ethtool -S <interface> | grep classifier_drops
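One way to turn the rx_classifier_drops check into a repeatable monitor, as an added example that is not part of the original advisory or the kernel project: it compares two `ethtool -S` samples and reports whether the counter grew. The function names, the verdict strings, and the sample output (including `other_counter`) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: detect growth of rx_classifier_drops between two `ethtool -S` samples.

# Constructed sample output (not captured from a real system).
SAMPLE_T0='NIC statistics:
     other_counter: 3
     rx_classifier_drops: 12'
SAMPLE_T1='NIC statistics:
     other_counter: 3
     rx_classifier_drops: 57'

# Read `ethtool -S` text on stdin, print the rx_classifier_drops value.
# Prints nothing when the counter is absent (interface not driven by mvpp2).
classifier_drops() {
    awk -F: '$1 ~ /^[ \t]*rx_classifier_drops$/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Compare two samples and print one verdict: no-counter, reset, ok, or ALERT delta=N.
check_drops() {
    prev=$(printf '%s\n' "$1" | classifier_drops)
    cur=$(printf '%s\n' "$2" | classifier_drops)
    if [ -z "$prev" ] || [ -z "$cur" ]; then
        echo "no-counter"
    elif [ "$cur" -lt "$prev" ]; then
        # Counter went backwards (reboot or driver reload): re-baseline, do not alert.
        echo "reset"
    elif [ "$cur" -gt "$prev" ]; then
        echo "ALERT delta=$((cur - prev))"
    else
        echo "ok"
    fi
}

# Live use: `sh check_drops.sh eth0 60` samples the interface twice, 60 s apart.
# Without arguments the constructed samples above are compared instead.
if [ -n "${1:-}" ]; then
    first=$(ethtool -S "$1")
    sleep "${2:-60}"
    check_drops "$first" "$(ethtool -S "$1")"
else
    check_drops "$SAMPLE_T0" "$SAMPLE_T1"
fi
```

A "reset" verdict means the counter restarted from a lower value, so the next run should use the new sample as its baseline.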
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing mvpp2 errors
- Increased network interface errors in system logs
Network Indicators:
- Unexplained unicast packet drops on affected interfaces
- Network performance degradation
SIEM Query:
source="kernel" AND ("mvpp2" OR "classifier_drops")
🔗 References
- https://git.kernel.org/stable/c/46c1e23e34c9d1eaadf37f88216d9d8ce0d0bcee
- https://git.kernel.org/stable/c/5b0ae1723a7d9574ae1aee7d9cf9757a30069865
- https://git.kernel.org/stable/c/96844075226b49af25a69a1d084b648ec2d9b08d
- https://git.kernel.org/stable/c/b3f48a41a00d6d8d9c6fe09ae47dd21c8c1c8b03
- https://git.kernel.org/stable/c/e3711163d14d02af9005e4cdad30899c565f13fb
- https://git.kernel.org/stable/c/e64e9b6e86b39db3baa576fd73da73533b54cb2d
- https://git.kernel.org/stable/c/fcbfb54a0269875cf3cd6a2bff4f85a2e0a0b552
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html