CVE-2025-22075

5.5 MEDIUM

📋 TL;DR

A memory allocation vulnerability in the Linux kernel's rtnetlink component causes kernel warnings and 'Message too long' errors when querying network interfaces with many VF GUIDs. This affects systems using SR-IOV with InfiniBand or similar network devices when querying VF information via netlink commands like 'ip link show'. The vulnerability can cause denial of service through kernel warnings and failed network queries.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions from commit 30aad41721e0 ("net/core: Add support for getting VF GUIDs") up to the fix commits listed under Official Fix
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SR-IOV configuration with many VFs (Virtual Functions) and InfiniBand or similar devices that support VF GUIDs. Triggered by commands like 'ip link show' on affected interfaces.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash if the memory allocation issue triggers more severe kernel bugs during the warning handling, leading to complete system unavailability.

🟠

Likely Case

Kernel warning messages in logs and failure of network interface queries (like 'ip link show') when systems have many VF GUIDs configured, causing operational disruption for network management tools.

🟢

If Mitigated

Minor performance impact or warning messages in kernel logs without system instability if the warning is handled gracefully.

🌐 Internet-Facing: LOW - This vulnerability requires local access or privileged network access to trigger via netlink commands.
🏢 Internal Only: MEDIUM - Internal administrators or processes with CAP_NET_ADMIN capabilities can trigger this, potentially disrupting network management operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires CAP_NET_ADMIN privileges and knowledge of triggering commands

Exploitation requires local access with appropriate privileges. The vulnerability is triggered by legitimate administrative commands rather than malicious payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 0f5489707cf528f9df2f39a3045c1ee713ec90e7, 15f150771e0ec97f8ab1657e7d2568e593c7fa04, 23f00807619d15063d676218f36c5dfeda1eb420, 28b21ee8e8fb326ba961a4bbce04ec04c65e705a, 365c1ae819455561d4746aafabad673e4bcb0163

Vendor Advisory: https://git.kernel.org/stable/c/0f5489707cf528f9df2f39a3045c1ee713ec90e7

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits.
2. Check your distribution's security advisories for backported patches.
3. Reboot the system after kernel update.
4. Verify the fix by checking kernel version and testing 'ip link show' commands on affected interfaces.

🔧 Temporary Workarounds

Limit SR-IOV VF count

linux

Reduce the number of Virtual Functions configured via SR-IOV to avoid triggering the memory allocation issue

echo <reduced_number> > /sys/bus/pci/devices/<device_address>/sriov_numvfs

Avoid VF GUID queries

linux

Avoid using 'ip link show' or similar netlink commands on affected InfiniBand interfaces

🧯 If You Can't Patch

  • Monitor kernel logs for WARNING messages from rtnl_getlink function
  • Implement strict access controls to limit who can run network interface query commands

🔍 How to Verify

Check if Vulnerable:

Run 'ip link show' on an InfiniBand interface with many VFs configured and check for 'Message too long' errors or examine kernel logs for warnings from rtnl_getlink

Check Version:

uname -r

Verify Fix Applied:

After patching, run 'ip link show' on previously affected interfaces and verify no errors occur, and check kernel logs for absence of rtnl_getlink warnings

📡 Detection & Monitoring

Log Indicators:

  • Kernel WARNING messages containing 'rtnl_getlink'
  • 'Message too long' errors in application logs when querying network interfaces
  • Stack traces mentioning rtnetlink.c:4151

Network Indicators:

  • Failed network interface queries from monitoring systems

SIEM Query:

(source="kernel" AND "WARNING" AND "rtnl_getlink") OR (source="syslog" AND "Message too long" AND "ip link")
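
For hosts that do not forward logs to a SIEM, the same log indicators can be counted locally. The script below is an added example, not part of the original advisory or the kernel project; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count the CVE-2025-22075 log indicators listed above.
# Usage: scan_rtnl_indicators /var/log/kern.log
# Prints "warnings=<n> emsgsize=<n>"; returns 0 if any indicator matched, 1 if none.
scan_rtnl_indicators() {
    awk '
        # Kernel WARNING naming rtnl_getlink, or any line citing the
        # rtnetlink.c:4151 site (the line number is build-specific).
        /rtnetlink\.c:4151/ || (/WARNING/ && /rtnl_getlink/) { w++ }
        # "Message too long" returned to a userspace interface query.
        /Message too long/ { e++ }
        END {
            printf "warnings=%d emsgsize=%d\n", w, e
            exit ((w + e) > 0 ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample log (hostnames, PIDs and offsets are made up).
make_sample_log() {
    cat <<'EOF'
Apr 10 09:14:01 host1 kernel: ib0: link becomes ready
Apr 10 09:14:07 host1 kernel: WARNING: CPU: 2 PID: 4110 at net/core/rtnetlink.c:4151 rtnl_getlink+0x586/0x5a0
Apr 10 09:14:07 host1 kernel: Call Trace:
Apr 10 09:14:07 host1 kernel:  rtnetlink_rcv_msg+0x14c/0x3d0
Apr 10 09:14:08 host1 netmon[812]: ip link show dev ib0 failed: RTNETLINK answers: Message too long
EOF
}
```

The non-zero return on a clean log makes the function usable as a cron or monitoring check.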
