Cyber Posture

CVE-2025-21815

High

Published: 27 February 2025
Modified: 28 October 2025
KEV Added: not listed
Patch: upstream stable commits listed under Deeper analysis
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0002 (5.4th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-21815 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel's memory compaction code. Its CVSS v3.1 base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE is ranked at the 5.4th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Credential Access (T1212) and one other technique, Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

SI-2 Flaw Remediation (prevent): directly requires timely remediation of the kernel flaw by applying the upstream patches that restore the MAX_PAGE_ORDER check, which removes the shift-out-of-bounds.

Memory protection (prevent): implements memory protections to limit what an out-of-bounds access in the compaction path could disclose. Kernel memory protections do not remove the undefined shift itself; only the patch does.

SI-11 Error Handling (prevent): ensures invalid compound_order values are rejected before they are used, avoiding the out-of-bounds shift and the confidentiality or availability impact attributed to it.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Local kernel OOB read enables credential access via sensitive memory disclosure (T1212) and system crashes for DoS (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

In the Linux kernel, the following vulnerability has been resolved: mm/compaction: fix UBSAN shift-out-of-bounds warning. syzkaller reported a UBSAN shift-out-of-bounds warning of (1UL << order) in isolate_freepages_block(). The bogus compound_order can be any value because it is union with flags. Add back the MAX_PAGE_ORDER check to fix the warning.

Deeper analysis (AI-generated)

CVE-2025-21815 is a shift-out-of-bounds vulnerability in the Linux kernel's memory management compaction subsystem, specifically within the isolate_freepages_block() function. The issue arises from an unchecked compound_order value: the field is part of a union with the page flags, so it can hold an arbitrary value, and using that value as the shift count in (1UL << order) triggers a UBSAN shift-out-of-bounds report. A shift count of 64 or more on a 64-bit kernel is undefined behaviour in C, so nothing about the result can be relied on. The bug was found by syzkaller fuzzing and is classified under CWE-125 (Out-of-bounds Read), with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

The CVSS vector models a local attacker with low privileges, low attack complexity and no user interaction, with high confidentiality and high availability impact. Read that rating against the evidence on this page: the upstream commit fixes a UBSAN warning surfaced by a fuzzer, no public exploit is referenced here, and the EPSS estimate sits at the 5.4th percentile. The realistic failure mode of an oversized shift in the compaction scanner is undefined behaviour, in practice inconsistent scan state or a kernel crash, so treat the availability component as the concrete risk and the confidentiality component as the assessor's worst case rather than a demonstrated kernel memory disclosure.

Mitigation is to apply the upstream fix, carried in the following stable commits: https://git.kernel.org/stable/c/10b7d3eb535098ccd4c82a182a33655d8a0e5c88, https://git.kernel.org/stable/c/4491159774d973a9e2e998d25d8fbb20fada6dfa, and https://git.kernel.org/stable/c/d1366e74342e75555af2648a2964deb2d5c92200. Each restores the MAX_PAGE_ORDER check ahead of the shift. To verify a given kernel build, confirm that the check is present in isolate_freepages_block() in mm/compaction.c, or that the running kernel is at or beyond the stable release that carries one of these commits.
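To make the mechanism concrete, here is an added C illustration; it is not Linux kernel code and not part of this page's source. It models how a compound order read from a flags word can carry unrelated bits, shows the pre-fix path that shifts by that value unchecked, and the post-fix path with the MAX_PAGE_ORDER check restored ahead of the shift. The struct-free "low byte of a flags word" model, the MAX_PAGE_ORDER value of 10, and the pfn inputs are simplifying assumptions for illustration.

```c
/* Added illustration, not Linux kernel code: models the unchecked
 * (1UL << order) in isolate_freepages_block() and the restored
 * MAX_PAGE_ORDER check. Layout and constants are simplifying assumptions. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define BITS_PER_LONG  (sizeof(unsigned long) * CHAR_BIT)
#define MAX_PAGE_ORDER 10u  /* assumed; the kernel's value is config-dependent */

/* Assumed model: a compound page's order is stored in the low byte of a
 * page flags word, so whatever bits that word holds read back as an order. */
static unsigned int compound_order(unsigned long flags_word)
{
    return (unsigned int)(flags_word & 0xffu);
}

/* What UBSAN's shift-out-of-bounds check reports: shifting an unsigned long
 * by a count >= its width is undefined behaviour in C. */
static bool shift_is_out_of_bounds(unsigned int order)
{
    return order >= BITS_PER_LONG;
}

/* Pre-fix logic (simplified): trusts 'order' and shifts by it.
 * Only defined when order < BITS_PER_LONG; the bogus orders syzkaller
 * produced violate that, so this function is never called with them here. */
static unsigned long pages_to_skip_unchecked(unsigned long blockpfn,
                                             unsigned long end_pfn,
                                             unsigned int order)
{
    unsigned long nr = 1UL << order;   /* UB when order >= BITS_PER_LONG */
    if (blockpfn + nr <= end_pfn)
        return nr - 1;                 /* skip the rest of the compound block */
    return 0;
}

/* Post-fix logic: reject any order the allocator could never hand out
 * before it reaches the shift, so the shift count is always bounded. */
static unsigned long pages_to_skip_checked(unsigned long blockpfn,
                                           unsigned long end_pfn,
                                           unsigned int order)
{
    if (order > MAX_PAGE_ORDER)        /* the restored check */
        return 0;                      /* bogus order: no skip, fall through to isolate_fail */
    unsigned long nr = 1UL << order;   /* now at most 1UL << MAX_PAGE_ORDER */
    if (blockpfn + nr <= end_pfn)
        return nr - 1;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a flags word carrying a sane order 3, and one with
     * every bit set (unrelated flag bits), which reads back as order 255. */
    unsigned long sane_flags  = 3UL;
    unsigned long bogus_flags = ~0UL;
    unsigned int orders[2] = { compound_order(sane_flags), compound_order(bogus_flags) };

    for (int i = 0; i < 2; i++) {
        unsigned int order = orders[i];
        printf("order %u: ", order);
        if (shift_is_out_of_bounds(order))
            printf("unchecked path would shift out of bounds (UB, not executed); ");
        else
            printf("unchecked skip = %lu; ", pages_to_skip_unchecked(0, 1024, order));
        printf("checked skip = %lu\n", pages_to_skip_checked(0, 1024, order));
    }
    return 0;
}
```

The unchecked function is deliberately never invoked with the bogus order: doing so would be the same undefined behaviour the kernel fix removes, and a compiler is free to do anything with it. The checked variant returns 0 for any order above MAX_PAGE_ORDER, which mirrors the restored guard keeping the shift count inside the range the allocator can actually produce.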

Details

CWE(s): CWE-125 (Out-of-bounds Read)

Affected Products

Linux kernel: 6.7 to 6.12.14, and 6.13 to 6.13.3

CVEs Like This One

The following CVEs affect the same product (Linux kernel):

CVE-2025-21782
CVE-2025-21743
CVE-2026-23204
CVE-2026-31568
CVE-2026-43042
CVE-2026-23327
CVE-2024-57945
CVE-2026-31774
CVE-2026-43051
CVE-2026-23325
