CVE-2025-21805: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

RDMA/rtrs: Add missing deinit() call

A warning is triggered when repeatedly connecting and disconnecting the rnbd:

  list_add corruption. prev->next should be next (ffff88800b13e480), but was ffff88801ecd1338. (prev=ffff88801ecd1340).
  WARNING: CPU: 1 PID: 36562 at lib/list_debug.c:32 __list_add_valid_or_report+0x7f/0xa0
  Workqueue: ib_cm cm_work_handler [ib_cm]
  RIP: 0010:__list_add_valid_or_report+0x7f/0xa0
   ? __list_add_valid_or_report+0x7f/0xa0
   ib_register_event_handler+0x65/0x93 [ib_core]
   rtrs_srv_ib_dev_init+0x29/0x30 [rtrs_server]
   rtrs_ib_dev_find_or_add+0x124/0x1d0 [rtrs_core]
   __alloc_path+0x46c/0x680 [rtrs_server]
   ? rtrs_rdma_connect+0xa6/0x2d0 [rtrs_server]
   ? rcu_is_watching+0xd/0x40
   ? __mutex_lock+0x312/0xcf0
   ? get_or_create_srv+0xad/0x310 [rtrs_server]
   ? rtrs_rdma_connect+0xa6/0x2d0 [rtrs_server]
   rtrs_rdma_connect+0x23c/0x2d0 [rtrs_server]
   ? __lock_release+0x1b1/0x2d0
   cma_cm_event_handler+0x4a/0x1a0 [rdma_cm]
   cma_ib_req_handler+0x3a0/0x7e0 [rdma_cm]
   cm_process_work+0x28/0x1a0 [ib_cm]
   ? _raw_spin_unlock_irq+0x2f/0x50
   cm_req_handler+0x618/0xa60 [ib_cm]
   cm_work_handler+0x71/0x520 [ib_cm]

Commit 667db86bcbe8 ("RDMA/rtrs: Register ib event handler") introduced a new element .deinit but never used it at all. Fix it by invoking the `deinit()` to appropriately unregister the IB event handler.
AI Analysis
Technical Summary
CVE-2025-21805 is a vulnerability identified in the Linux kernel related to the RDMA (Remote Direct Memory Access) subsystem, specifically within the rtrs (RDMA Transport Reliable Server) module. Commit 667db86bcbe8 introduced a new .deinit element but never invoked it, so the InfiniBand (IB) event handler is never properly unregistered. This omission leads to a warning triggered by list corruption during repeated connect and disconnect operations of the rnbd (RDMA block device). The kernel warning indicates a corruption in the linked list pointers (prev->next mismatch), which can cause instability or crashes in the RDMA communication stack. The problem manifests as a kernel warning raised from lib/list_debug.c, indicating potential memory corruption or use-after-free scenarios due to improper cleanup of event handlers. The vulnerability affects Linux kernel versions containing the specified commit and impacts systems utilizing RDMA features, particularly those leveraging the rtrs server and IB event handling. While no known exploits are reported in the wild, the flaw could lead to denial of service (DoS) conditions or kernel panics if exploited through crafted RDMA connection sequences. The root cause is a logic error in resource management within the RDMA subsystem, which is critical for high-performance computing and data center environments relying on low-latency, high-throughput networking.
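The mechanism described above, reduced to a user-space C model (an added example, not code from the kernel or from this page): `model_dev`, `slot`, `dev_init`, `dev_deinit` and `run_cycles` are hypothetical stand-ins, and the list check is a simplified form of the kernel's list-debug rule. Without the `deinit()` step the handler node stays linked after the object is released, so the next registration fails the `prev->next` check; with it, every cycle stays clean.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct list_head { struct list_head *next, *prev; };
struct model_dev { struct list_head handler; };  /* hypothetical per-device object */

static struct list_head event_handlers;  /* stands in for the IB device's handler list */
static struct model_dev slot;            /* stands in for heap memory reused per connect */

/* Simplified form of the sanity check in lib/list_debug.c, then append at tail. */
static bool list_add_tail_checked(struct list_head *new, struct list_head *head)
{
    struct list_head *prev = head->prev, *next = head;
    if (next->prev != prev || prev->next != next || new == prev || new == next)
        return false;            /* the kernel reports "list_add corruption" here */
    new->prev = prev; new->next = next;
    prev->next = new; next->prev = new;
    return true;
}

/* init()/deinit() pair: register and unregister the event handler node. */
static bool dev_init(struct model_dev *d) { return list_add_tail_checked(&d->handler, &event_handlers); }

static void dev_deinit(struct model_dev *d)
{
    d->handler.prev->next = d->handler.next;
    d->handler.next->prev = d->handler.prev;
}

/* Returns the connect cycle at which registration fails, or 0 if none does. */
int run_cycles(int cycles, bool call_deinit)
{
    event_handlers.next = event_handlers.prev = &event_handlers;
    for (int i = 1; i <= cycles; i++) {
        memset(&slot, 0, sizeof(slot));   /* connect: object allocated zeroed */
        if (!dev_init(&slot))
            return i;
        if (call_deinit)                  /* the fix: unregister before release */
            dev_deinit(&slot);
    }                                     /* disconnect: object released */
    return 0;
}

int main(void)
{
    printf("no deinit: %d, with deinit: %d\n", run_cycles(5, false), run_cycles(5, true));
    return 0;
}
```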
Potential Impact
For European organizations, especially those operating data centers, HPC clusters, or storage systems utilizing RDMA over InfiniBand or similar technologies, this vulnerability poses a risk of service disruption. Successful exploitation could cause kernel warnings escalating to system instability or crashes, leading to potential downtime of critical infrastructure. This is particularly impactful for sectors such as finance, research institutions, telecommunications, and cloud service providers that depend on Linux-based RDMA-enabled servers for performance-sensitive applications. Although there is no evidence of active exploitation, the vulnerability could be leveraged in targeted attacks to disrupt operations or degrade service availability. Additionally, the complexity of RDMA environments and the specialized nature of the affected code path may delay detection and remediation, increasing the window of exposure. Confidentiality and integrity impacts are less likely unless combined with other vulnerabilities, but availability impact through denial of service is significant.
Mitigation Recommendations
To mitigate this vulnerability, organizations should prioritize updating their Linux kernel to versions that include the fix invoking the deinit() call to properly unregister the IB event handler. Kernel patches addressing this issue should be applied promptly, especially on systems utilizing RDMA features. Administrators should audit their environments to identify RDMA-enabled hosts and assess exposure. In environments where immediate patching is not feasible, temporarily disabling RDMA services or restricting access to RDMA interfaces can reduce risk. Monitoring kernel logs for warnings related to list corruption or IB event handler issues can help detect attempts to trigger the vulnerability. Additionally, implementing strict access controls and network segmentation for RDMA traffic can limit potential attack vectors. Coordination with hardware vendors and Linux distribution maintainers is recommended to ensure timely deployment of security updates. Finally, thorough testing of RDMA-dependent applications post-patching is advised to confirm stability and functionality.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.771Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9832c4522896dcbe88aa
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 6/30/2025, 9:25:08 AM
Last updated: 7/26/2025, 1:49:23 PM