
CVE-2025-21690: Medium Vulnerability in Linux Kernel

A medium-severity vulnerability in the Linux kernel allows for denial of service under certain conditions. Organizations using affected versions should prioritize patching to mitigate risks associated with this vulnerability.

MEDIUM · CVSS 5.5 · Published February 10, 2025


In the Linux kernel, a vulnerability has been identified that can lead to a denial of service (DoS) under specific conditions. This vulnerability, designated as CVE-2025-21690, has a CVSS score of 5.5, categorizing it as medium severity. The issue arises because SCSI warning messages are not rate limited: persistent errors in the hypervisor produce a continuous stream of failed-I/O warnings that floods the kernel log. This flooding can lead to excessive CPU utilization, hindering effective troubleshooting from the virtual machine (VM) side.

Risk to organizations includes potential downtime and resource exhaustion due to the inability to troubleshoot effectively. Given the nature of the issue, it is vital for organizations to assess their deployments and apply the necessary patches to mitigate this vulnerability. Organizations should address this vulnerability in their priority patch cycle.

Currently, there are no known exploits associated with this vulnerability, and it is not listed in the Known Exploited Vulnerabilities (KEV) database. However, the potential impact on availability means that defenders should remain vigilant and proactive in remediation efforts.

Organizations should prioritize patching immediately to prevent possible disruptions and maintain operational integrity.

Vulnerability Details

The vulnerability allows for denial of service through excessive SCSI warning logs in the Linux kernel. The CVSS score of 5.5 indicates a medium severity level, characterized by a local attack vector, low attack complexity, and the requirement for low privileges. The attack does not require user interaction, but it significantly impacts availability.

The vulnerability has been categorized under CWE-770 (Allocation of Resources Without Limits or Throttling), reflecting the missing rate limiting on the warning logs that can lead to denial of service. The Linux kernel versions affected include those prior to 5.15.178 and those within the ranges of 5.16 to 6.1.128, 6.2 to 6.6.75, and 6.7 to 6.12.12.

The vulnerability was published on February 10, 2025, and its NVD entry status was Modified as of the last update on November 3, 2025.

Technical Analysis

The root cause of this vulnerability is the way the Linux kernel handles SCSI warning logs. When persistent errors occur in the hypervisor, the kernel emits a failed-I/O warning for every failed request, and with no rate limiting these repeated warnings can overwhelm the logging mechanisms. This is particularly problematic because it can lead to high CPU utilization, which in turn may prevent administrators from accessing the critical logs needed for troubleshooting.

The attack vector is local, meaning that an attacker would need some level of access to the system to trigger the vulnerability. Attack complexity is classified as low, and the attacker requires low privileges to initiate the denial of service condition.

Additionally, the vulnerability does not affect confidentiality or integrity but poses a significant risk to availability, making it critical to address in a timely manner.

Risk & Impact Analysis

Organizations utilizing affected versions of the Linux kernel may face significant operational risks, including service interruptions and increased difficulty in troubleshooting. The blast radius could extend to any service relying on the kernel, potentially impacting overall system performance and user experience.

Given the medium severity of this vulnerability and its potential for disruption, organizations should assess their environments and prioritize remediation accordingly. With an EPSS score of 0.000120000 and a percentile of 0.018840000, the likelihood of exploitation remains relatively low but should not be ignored.

Exploitation Status

Signal: Status
Known Exploit: No
Public PoC: No
Actively Exploited: No
Ransomware Use: No

Affected Versions

The affected versions of the Linux kernel include all versions prior to 5.15.178, as well as those from versions 5.16 to 6.1.128, 6.2 to 6.6.75, and 6.7 to 6.12.12. Specific releases of version 6.13 are also vulnerable.

Mitigation & Remediation

Organizations should apply the patches provided by the Linux kernel maintainers to mitigate this vulnerability, that is, update to a kernel release at or beyond the fixed version of each affected series (5.15.178, 6.1.128, 6.6.75, and 6.12.12, as implied by the affected ranges above). Details on the available patches can be found through various sources, including penetration testing services that can assist in ensuring effective remediation.

Detection Guidance

Monitoring for unusual spikes in CPU usage together with bursts of SCSI warning entries in the kernel log can help detect the condition this vulnerability describes. Additionally, reviewing logs for patterns indicative of denial of service conditions, such as a sustained high rate of identical warning messages, is crucial.
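As an added example (not part of the original advisory), the following script implements the detection described above: it scans dmesg-style kernel log lines for SCSI warnings and flags any sliding window in which the warning rate exceeds a threshold, which is the flood signature this advisory describes. The log lines are constructed sample data, and the warning text is a hypothetical stand-in for the real failed-I/O messages; the window size and threshold are assumptions to be tuned per environment.

```python
import re
from collections import deque
from typing import Iterable, List, Optional, Tuple

# Matches the "[ seconds.micros] message" layout of dmesg output.
TS_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
# Hypothetical SCSI warning pattern: "sd H:C:T:L: ... Warning ..." (assumption,
# adjust to the exact message text seen on the affected kernel).
SCSI_WARN_RE = re.compile(r"\bsd \d+:\d+:\d+:\d+:.*\bWarning\b", re.IGNORECASE)


def build_sample_log() -> List[str]:
    """Constructed sample data: a few benign lines, a burst of 300 SCSI warnings
    within 0.6 s (the flood pattern), and one isolated warning later."""
    lines = ["[  10.000000] sd 0:0:0:0: [sda] Attached SCSI disk",
             "[  10.500000] systemd[1]: Started Journal Service."]
    for i in range(300):
        ts = 42.0 + i * 0.002
        lines.append(f"[{ts:12.6f}] sd 0:0:0:1: [sdb] tag#{i % 64} "
                     "Warning: I/O failed, sense key 0x2")
    lines.append("[  50.000000] sd 0:0:0:1: [sdb] Warning: I/O failed, sense key 0x2")
    return lines


def parse_kernel_line(line: str) -> Optional[Tuple[float, str]]:
    """Split a dmesg line into (timestamp_seconds, message); None if malformed."""
    m = TS_RE.match(line)
    return (float(m.group(1)), m.group(2)) if m else None


def scsi_warning_bursts(lines: Iterable[str], window_s: float = 1.0,
                        threshold: int = 100) -> List[Tuple[float, int]]:
    """Sliding-window rate check over SCSI warning timestamps. Returns one
    (window_start_ts, count) tuple per burst whose count reaches threshold;
    the detector re-arms once the rate drops back below threshold."""
    window: deque = deque()
    alerts: List[Tuple[float, int]] = []
    armed = True
    for line in lines:
        parsed = parse_kernel_line(line)
        if parsed is None or not SCSI_WARN_RE.search(parsed[1]):
            continue
        ts = parsed[0]
        window.append(ts)
        while window and ts - window[0] > window_s:  # drop entries outside window
            window.popleft()
        if len(window) >= threshold and armed:
            alerts.append((window[0], len(window)))
            armed = False
        elif len(window) < threshold:
            armed = True
    return alerts


if __name__ == "__main__":
    for start, count in scsi_warning_bursts(build_sample_log()):
        print(f"SCSI warning flood: {count} warnings within 1 s starting at {start:.3f}")
```

On a live system the same function can be fed `dmesg` or `journalctl -k` output line by line; a burst alert paired with a CPU-usage spike is the signal to investigate the hypervisor-side storage errors.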

AppSecure Threat Intelligence Insight

The resolution of CVE-2025-21690 reflects ongoing efforts in the Linux community to address vulnerabilities that can affect system availability. It is a reminder for organizations to maintain robust patch management practices and conduct regular security assessments. For further insights on security practices, consider reviewing our penetration testing methodology, the importance of a vulnerability management program, and the role of security testing tools in discovering potential vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
