CVE-2025-71225

N/A Unknown

📋 TL;DR

A race condition vulnerability in the Linux kernel's MD (Multiple Devices) RAID subsystem allows improper memory access when updating RAID configuration via sysfs. This affects Linux systems using software RAID (mdadm) where administrators modify RAID disk counts while I/O errors are occurring. The vulnerability could lead to kernel memory corruption or system instability.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches exist in stable kernel trees.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using software RAID (md) and modifying raid_disks via sysfs while I/O errors are occurring.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic, system crash, or memory corruption leading to privilege escalation or data corruption in RAID arrays.

🟠 Likely Case: System instability, kernel oops, or RAID array corruption requiring array reconstruction.

🟢 If Mitigated: No impact if RAID configuration isn't modified via sysfs during I/O errors.

🌐 Internet-Facing: LOW - Requires local access and specific administrative actions.
🏢 Internal Only: MEDIUM - System administrators modifying RAID configurations could trigger this accidentally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires root/admin access to modify RAID configuration and specific timing with I/O errors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel commits: 0107b18cd8ac17eb3e54786adc05a85cdbb6ef22, 165d1359f945b72c5f90088f60d48ff46115269e, 2cc583653bbe050bacd1cadcc9776d39bf449740

Vendor Advisory: https://git.kernel.org/stable/c/0107b18cd8ac17eb3e54786adc05a85cdbb6ef22

Restart Required: Yes

Instructions:

  1. Update Linux kernel to version containing the fix.
  2. Check with your distribution for security updates.
  3. Reboot system after kernel update.

🔧 Temporary Workarounds

  • Avoid sysfs RAID modifications during I/O errors (linux): Do not modify raid_disks via sysfs when RAID arrays are experiencing I/O errors or degraded states.
  • Use ioctl SET_ARRAY_INFO instead (linux): Use the ioctl interface for RAID configuration changes, which already properly suspends arrays.

🧯 If You Can't Patch

  • Avoid modifying RAID configuration via sysfs entirely
  • Monitor RAID arrays for I/O errors and avoid configuration changes during degraded states
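
The workaround above depends on knowing that an array is healthy before raid_disks is touched. The following read-only guard is an added example, not code from the kernel project or this advisory: it inspects the md sysfs attributes degraded, sync_action and dev-*/state and refuses when any of them shows an error condition. The function name and the sysfs-root argument are hypothetical, chosen so the check can also be run against a test directory.

```sh
#!/bin/sh
# Added example: pre-change health guard for md arrays. It only reads sysfs.
# md_safe_to_reconfigure and its <sysfs_root> argument are hypothetical names;
# degraded, sync_action and dev-*/state are standard md sysfs attributes.
#
# Usage: md_safe_to_reconfigure <sysfs_root> <md_name>
# Returns 0 when no error condition is visible, 1 when a configuration change
# should be postponed, 2 when the array cannot be inspected.
md_safe_to_reconfigure() {
    root=$1; name=$2
    md_dir="$root/block/$name/md"
    [ -d "$md_dir" ] || { echo "$name: no md directory under $root" >&2; return 2; }
    rc=0

    # degraded: number of devices by which the array is degraded (0 = healthy).
    # A missing attribute is reported as "unknown" so the check fails closed.
    degraded=$(cat "$md_dir/degraded" 2>/dev/null || echo unknown)
    if [ "$degraded" != "0" ]; then
        echo "$name: degraded=$degraded"
        rc=1
    fi

    # sync_action: anything other than idle means resync, recovery, reshape
    # or a check is in progress.
    action=$(cat "$md_dir/sync_action" 2>/dev/null || echo unknown)
    if [ "$action" != "idle" ]; then
        echo "$name: sync_action=$action"
        rc=1
    fi

    # dev-*/state: comma-separated flags for each member device.
    for state_file in "$md_dir"/dev-*/state; do
        [ -e "$state_file" ] || continue
        member=$(basename "$(dirname "$state_file")")
        case ",$(cat "$state_file")," in
            *,faulty,*|*,write_error,*|*,blocked,*)
                echo "$name: $member state=$(cat "$state_file")"
                rc=1 ;;
        esac
    done
    return $rc
}
```

On a live system, call it as `md_safe_to_reconfigure /sys md0` and proceed with a change only on exit status 0.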

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the system uses software RAID (md) with configuration changes made via sysfs.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the patch commits or is newer than patched versions.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • RAID array corruption errors
  • System crashes during RAID reconfiguration

SIEM Query:

Search for kernel panic logs or RAID subsystem errors in system logs
