CVE-2025-22062

5.5 MEDIUM

📋 TL;DR

A race condition vulnerability in the Linux kernel's SCTP protocol implementation allows concurrent calls to UDP socket start/stop functions, potentially causing a NULL pointer dereference and kernel crash. This affects Linux systems with SCTP enabled and could lead to denial of service. The vulnerability requires local access to trigger via procfs.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before fixes in stable releases (specific commits listed in references)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if SCTP protocol support is enabled and compiled into the kernel. Many distributions disable SCTP by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.

🟠 Likely Case: Local denial of service through kernel crash when malicious user triggers the race condition via procfs.

🟢 If Mitigated: Minimal impact if SCTP is disabled or proper access controls prevent local users from accessing procfs.

🌐 Internet-Facing: LOW - Requires local access to trigger via procfs interface.
🏢 Internal Only: MEDIUM - Local users with access to procfs could crash the kernel, affecting system availability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Syzbot reported the crash with a reproducer. Exploitation requires local access to trigger the race condition via /proc/sys/net/sctp/udp_port.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel stable releases via commits: 10206302af856791fbcc27a33ed3c3eb09b2793d, 386507cb6fb7cdef598ddcb3f0fa37e6ca9e789d, 65ccb2793da7401772a3ffe85355c831b313c59f, b3598f53211ba1025485306de2733bdd241311a3, d3d7675d77622f6ca1aae14c51f80027b36283f8

Vendor Advisory: https://git.kernel.org/stable/c/10206302af856791fbcc27a33ed3c3eb09b2793d

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable SCTP protocol

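Unload the SCTP kernel module and blacklist it so it is not loaded again. This applies only when SCTP is built as a loadable module, and modprobe -r fails while the module is in use.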

sudo modprobe -r sctp
echo 'blacklist sctp' | sudo tee /etc/modprobe.d/blacklist-sctp.conf

Restrict procfs access

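Limit access to /proc/sys/net/sctp/ to prevent local users from triggering the vulnerability. Entries under /proc/sys do not accept mode or ownership changes (the kernel returns EPERM), so check the result with ls -l and do not rely on this step alone.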

sudo chmod 600 /proc/sys/net/sctp/udp_port
sudo chown root:root /proc/sys/net/sctp/udp_port

🧯 If You Can't Patch

  • Disable SCTP protocol support in kernel configuration and reboot
  • Implement strict access controls to prevent local users from accessing /proc/sys/net/sctp/

🔍 How to Verify

Check if Vulnerable:

Check if SCTP is enabled: lsmod | grep sctp (lists a loaded module only), or check /proc/net/protocols for SCTP (also shows SCTP built into the kernel)

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched releases and verify SCTP module loads without issues
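
A host check that combines the verification steps above, as an added example that is not part of the original advisory: it reads /proc/net/protocols to tell a loaded sctp module from SCTP built into the kernel (where modprobe -r cannot apply) and looks in /etc/modprobe.d for the blacklist entry. The function names are made up for this example, the `install sctp /bin/false` form is accepted as an alternative to the page's `blacklist` line, and the script does not compare the kernel version against the fixed commits.

```shell
#!/bin/sh
# Added example: summarize a host's SCTP exposure for CVE-2025-22062.
# File locations are parameters so each check can be run against fixtures.

# Print "absent", "module" or "builtin" from a /proc/net/protocols-style file:
# column 1 is the protocol name, column 8 the owner ("kernel" means built in).
sctp_state() {
    [ -r "${1:-/proc/net/protocols}" ] || { echo absent; return; }
    awk 'NR > 1 && $1 ~ /^SCTP(v6)?$/ { s = ($8 == "kernel") ? "builtin" : "module" }
         END { print (s == "" ? "absent" : s) }' "${1:-/proc/net/protocols}"
}

# Succeed if a modprobe.d-style directory keeps sctp from being auto-loaded, via
# "blacklist sctp" (the page's workaround) or "install sctp /bin/false|true".
sctp_load_blocked() {
    grep -Ehs '^[[:space:]]*(blacklist[[:space:]]+sctp|install[[:space:]]+sctp[[:space:]]+/bin/(false|true))[[:space:]]*$' \
        "${1:-/etc/modprobe.d}"/*.conf >/dev/null
}

# One verdict line; $1 = protocols file, $2 = modprobe.d directory.
sctp_exposure() {
    case "$(sctp_state "${1:-/proc/net/protocols}")" in
        builtin) echo "ACTIVE: SCTP is built in, module removal does not apply; patch and reboot" ;;
        module)  echo "ACTIVE: sctp module is loaded; unload and blacklist it, or patch and reboot" ;;
        *)  if sctp_load_blocked "${2:-/etc/modprobe.d}"; then
                echo "MITIGATED: SCTP is not registered and auto-loading is blocked"
            else
                echo "LATENT: SCTP is not registered, but nothing in modprobe.d blocks loading it"
            fi ;;
    esac
}

sctp_exposure "$@"
```

An ACTIVE verdict means the vulnerable code is reachable unless the running kernel already carries one of the fix commits listed under Official Fix.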

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • NULL pointer dereference errors mentioning sctp_udp_sock_stop or proc_sctp_do_udp_port

Network Indicators:

  • Unusual SCTP protocol activity from local processes

SIEM Query:

source="kernel" AND ("general protection fault" OR "null-ptr-deref" OR "sctp_udp_sock")

🔗 References
