Cyber Resilience

CVE-2025-21671

Severity: High
Published: 31 January 2025
Modified: 03 November 2025
KEV Added: not listed
Patch: available
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.2th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-21671 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 6.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

CVE-2025-21671 is a Use-After-Free (UAF) vulnerability in the zram component of the Linux kernel, classified under CWE-416. The issue arises when zram_meta_alloc fails early: it frees the allocated zram->table memory without setting the pointer to NULL. If a user then resets the failed, uninitialized device, zram_meta_free can access the already-freed table. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), i.e. high severity.
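The failure sequence above, as an added toy model in user-space C (constructed for this page, not the kernel's zram code): an early initialisation failure frees the table, and only the fixed variant clears the pointer before the reset path runs. The struct, function names and the tracking allocator are all constructed; the tracking allocator exists so the demo can report the stale-pointer access instead of actually touching freed memory.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Toy model of the lifecycle described above (constructed example, not the
 * kernel's zram code). The table is freed on an early init error; the
 * vulnerable variant leaves z->table dangling, so a later reset frees it again. */
struct zram_model { unsigned long *table; };
static unsigned long *last_table;   /* most recent table allocation */
static bool last_table_freed;       /* has it been released already? */

static unsigned long *table_alloc(size_t n) {
    last_table = calloc(n, sizeof *last_table);
    last_table_freed = false;
    return last_table;
}
static void table_free(unsigned long *t) {
    if (t == last_table) last_table_freed = true;
    free(t);
}

/* Init: a later setup step (modelled as always failing) forces the error
 * path. 'fixed' selects whether that path clears the pointer, as the fix does. */
static int meta_alloc(struct zram_model *z, size_t n, bool fixed) {
    bool later_step_ok = false;       /* constructed: force the early failure */
    z->table = table_alloc(n);
    if (!z->table) return -1;
    if (!later_step_ok) {
        table_free(z->table);
        if (fixed) z->table = NULL;   /* without this the pointer dangles */
        return -1;
    }
    return 0;
}

/* Reset path: NULL means "no table". Returns false when it would have acted
 * on an already-freed table, i.e. the UAF the CVE describes. */
static bool meta_free(struct zram_model *z) {
    if (!z->table) return true;
    if (z->table == last_table && last_table_freed) return false;
    table_free(z->table);
    z->table = NULL;
    return true;
}

/* Failed init followed by a user reset; true means the reset was safe. */
bool reset_after_failed_init(bool fixed) {
    struct zram_model z = { 0 };
    meta_alloc(&z, 4, fixed);
    return meta_free(&z);
}
```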

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation could result in high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution, data corruption, or system crashes through manipulation of the zram device during allocation failure and reset scenarios.

Mitigation involves applying the upstream kernel patches provided in the stable repository commits, such as 212fe1c0df4a, 571d3f6045cd, 902ef8f16d5c, and fe3de867f948. Debian LTS users should refer to the announcement at lists.debian.org/debian-lts-announce/2025/03/msg00001.html for distribution-specific guidance on updating affected kernels.

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table. If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL, which will potentially cause zram_meta_free to access the table if a user resets a failed and uninitialized device.

CWE(s): CWE-416 Use After Free

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel UAF vulnerability enabling arbitrary code execution and privilege escalation from low-privileged user context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111 (same product: Linux kernel)
CVE-2026-31530 (same product: Linux kernel)
CVE-2026-43019 (same product: Linux kernel)
CVE-2026-23158 (same product: Linux kernel)
CVE-2025-21893 (same product: Linux kernel)
CVE-2026-31446 (same product: Linux kernel)
CVE-2026-31650 (same product: Linux kernel)
CVE-2026-23001 (same product: Linux kernel)
CVE-2024-50051 (same product: Linux kernel)
CVE-2025-21759 (same product: Linux kernel)

Affected Assets

Linux kernel: 6.1.122 to 6.1.127, 6.6.68 to 6.6.74, 6.12.7 to 6.12.11

Mitigating Controls (NIST 800-53 r5) (AI)

SI-2 Flaw Remediation (prevent): Directly remediates the UAF flaw in zram by requiring timely identification, reporting, and patching of the kernel vulnerability as specified in the upstream commits.

Memory protection (prevent): Implements memory protections such as address space layout randomization and stack guards that make exploitation of the UAF in zram->table harder by preventing reliable memory corruption.

CM-7 Least Functionality (prevent): Enforces least functionality by disabling or restricting non-essential zram usage, thereby reducing the attack surface for this local privilege escalation scenario.
