CVE-2025-37920

4.7 MEDIUM

📋 TL;DR

A race condition exists in the Linux kernel's AF_XDP socket implementation when multiple sockets share a single memory pool (UMEM) in the generic RX path. This affects systems using AF_XDP for high-performance packet processing, potentially causing packet loss or system instability. The vulnerability requires specific AF_XDP configurations with shared UMEM mode.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with AF_XDP support before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when AF_XDP sockets are configured with shared UMEM mode; standard network configurations are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

System crash or kernel panic due to race condition in shared memory access, leading to denial of service and potential data corruption in packet processing applications.

🟠

Likely Case

Packet loss, application instability, or performance degradation in AF_XDP-based network applications using shared UMEM configurations.

🟢

If Mitigated

Minimal impact if AF_XDP is not used or if shared UMEM mode is not configured.

🌐 Internet-Facing: LOW - Requires specific AF_XDP configuration and local access to exploit; not directly reachable from internet.
🏢 Internal Only: MEDIUM - Could affect internal network monitoring, load balancing, or DDoS protection systems using AF_XDP with shared UMEM.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access, specific AF_XDP configuration, and race condition triggering; primarily a stability issue rather than privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 65d3c570614b892257dc58a1b202908242ecf8fd, 75a240a3e8abf17b9e00b0ef0492b1bbaa932251, a1356ac7749cafc4e27aa62c0c4604b5dca4983e, b6978c565ce33658543c637060852434b4248d30

Vendor Advisory: https://git.kernel.org/stable/c/65d3c570614b892257dc58a1b202908242ecf8fd

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Disable AF_XDP shared UMEM

linux

Avoid using shared UMEM mode in AF_XDP socket configurations

# Configure AF_XDP applications to use exclusive UMEM per socket

Disable AF_XDP functionality

linux

Remove or disable AF_XDP module if not required

# Check if AF_XDP is loaded: lsmod | grep xsk
# Unload module: rmmod xsk (if possible)

🧯 If You Can't Patch

  • Avoid using AF_XDP with shared UMEM configurations
  • Isolate AF_XDP applications to dedicated systems with minimal other services

🔍 How to Verify

Check if Vulnerable:

Check the kernel version with uname -r, and review AF_XDP application configurations to see whether shared UMEM mode is in use.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and test AF_XDP shared UMEM functionality
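The version check above says nothing about whether AF_XDP is actually in use on a host. The following added triage sketch (not vendor or kernel code) estimates that from the kernel build config and the open-socket count. It assumes AF_XDP appears as the `XDP` row of `/proc/net/protocols` and is enabled by `CONFIG_XDP_SOCKETS`; the function names are hypothetical, and a count of two or more sockets only means shared UMEM is possible, not that it is configured.

```shell
#!/bin/sh
# Added triage sketch for CVE-2025-37920 exposure; not vendor or kernel code.

# Number of open AF_XDP sockets in this network namespace: column 3 of the
# "XDP" row in a /proc/net/protocols-style file. Prints 0 if the row is absent.
xdp_socket_count() {
    awk '$1 == "XDP" { n = $3 } END { print n + 0 }' "$1"
}

# Succeeds when the given kernel config file enables AF_XDP.
xdp_sockets_enabled() {
    grep -q '^CONFIG_XDP_SOCKETS=y$' "$1" 2>/dev/null
}

# Print a one-word exposure verdict followed by the socket count.
xdp_exposure() {
    count=$(xdp_socket_count "$1")
    if [ "$count" -ge 2 ]; then
        echo "review $count"     # two or more sockets: shared UMEM is possible
    elif [ "$count" -eq 1 ]; then
        echo "single $count"     # a lone socket here has no peer to share with
    elif xdp_sockets_enabled "$2"; then
        echo "idle 0"            # AF_XDP compiled in, nothing using it
    else
        echo "absent 0"          # AF_XDP not enabled in this kernel config
    fi
}

# Constructed sample input so the sketch runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/protocols" <<'EOF'
protocol  size sockets  memory press maxhdr  slab module     cl co di ac io
XDP       1216      2      -1   NI       0   no   kernel      n  n  n  n  n
TCP       2368     14       1   no     320   yes  kernel      y  y  y  y  y
EOF
echo 'CONFIG_XDP_SOCKETS=y' > "$demo_dir/config"
xdp_exposure "$demo_dir/protocols" "$demo_dir/config"   # constructed sample

# On a live host:
#   xdp_exposure /proc/net/protocols "/boot/config-$(uname -r)"
```

A `review` verdict is the cue to inspect how the listed applications create their sockets; hosts reporting `idle` or `absent` can be deprioritised for this CVE.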

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • AF_XDP application errors
  • Packet loss in monitoring applications

Network Indicators:

  • Unexpected packet drops in AF_XDP applications
  • Performance degradation in packet processing

SIEM Query:

kernel:("Oops" OR "BUG") AND process:("xsk" OR "af_xdp")
