Cyber Resilience

CVE-2025-21815

High

Published: 27 February 2025

Published
27 February 2025
Modified
28 October 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0002 5.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21815 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212); ranked at the 5.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).

Deeper analysis

CVE-2025-21815 is a shift-out-of-bounds vulnerability in the Linux kernel's memory management compaction subsystem, specifically within the isolate_freepages_block() function. The issue arises from an unchecked compound_order value, which is part of a union with flags and can take arbitrary values, leading to a UBSAN-reported shift-out-of-bounds warning when computing (1UL << order). This was discovered via syzkaller fuzzing and is classified under CWE-125 (Out-of-bounds Read), with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact confidentiality violations, such as reading sensitive kernel memory, and high-impact availability disruptions, potentially leading to denial of service through memory corruption or crashes.

Mitigation involves applying the relevant upstream kernel patches, as detailed in the referenced stable commit fixes: https://git.kernel.org/stable/c/10b7d3eb535098ccd4c82a182a33655d8a0e5c88, https://git.kernel.org/stable/c/4491159774d973a9e2e998d25d8fbb20fada6dfa, and https://git.kernel.org/stable/c/d1366e74342e75555af2648a2964deb2d5c92200. These commits restore a MAX_PAGE_ORDER check to prevent the invalid shift operation.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: mm/compaction: fix UBSAN shift-out-of-bounds warning syzkaller reported a UBSAN shift-out-of-bounds warning of (1UL << order) in isolate_freepages_block(). The bogus compound_order can be any value because it is union with flags.…

more

Add back the MAX_PAGE_ORDER check to fix the warning.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Local kernel OOB read enables credential access via sensitive memory disclosure (T1212) and system crashes for DoS (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21743Same product: Linux Linux Kernel
CVE-2026-31774Same product: Linux Linux Kernel
CVE-2026-23325Same product: Linux Linux Kernel
CVE-2026-31779Same product: Linux Linux Kernel
CVE-2026-43051Same product: Linux Linux Kernel
CVE-2026-23269Same product: Linux Linux Kernel
CVE-2026-31568Same product: Linux Linux Kernel
CVE-2026-43042Same product: Linux Linux Kernel
CVE-2026-23204Same product: Linux Linux Kernel
CVE-2026-23363Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.7 — 6.12.14 · 6.13 — 6.13.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of the kernel flaw through application of upstream patches that add the MAX_PAGE_ORDER check to prevent shift-out-of-bounds.

prevent

Implements memory protections to mitigate unauthorized kernel memory reads resulting from the out-of-bounds shift operation.

prevent

Ensures safe handling of invalid compound_order values to avoid out-of-bounds shifts and associated confidentiality or availability impacts.

References