CVE-2025-21845: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
mtd: spi-nor: sst: Fix SST write failure
'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operation to `sst_nor_write_data()`")' introduced a bug where only one byte of data is written, regardless of the number of bytes passed to sst_nor_write_data(), causing a kernel crash during the write operation. Ensure the correct number of bytes are written as passed to sst_nor_write_data().
Call trace:
[ 57.400180] ------------[ cut here ]------------
[ 57.404842] While writing 2 byte written 1 bytes
[ 57.409493] WARNING: CPU: 0 PID: 737 at drivers/mtd/spi-nor/sst.c:187 sst_nor_write_data+0x6c/0x74
[ 57.418464] Modules linked in:
[ 57.421517] CPU: 0 UID: 0 PID: 737 Comm: mtd_debug Not tainted 6.12.0-g5ad04afd91f9 #30
[ 57.429517] Hardware name: Xilinx Versal A2197 Processor board revA - x-prc-02 revA (DT)
[ 57.437600] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 57.444557] pc : sst_nor_write_data+0x6c/0x74
[ 57.448911] lr : sst_nor_write_data+0x6c/0x74
[ 57.453264] sp : ffff80008232bb40
[ 57.456570] x29: ffff80008232bb40 x28: 0000000000010000 x27: 0000000000000001
[ 57.463708] x26: 000000000000ffff x25: 0000000000000000 x24: 0000000000000000
[ 57.470843] x23: 0000000000010000 x22: ffff80008232bbf0 x21: ffff000816230000
[ 57.477978] x20: ffff0008056c0080 x19: 0000000000000002 x18: 0000000000000006
[ 57.485112] x17: 0000000000000000 x16: 0000000000000000 x15: ffff80008232b580
[ 57.492246] x14: 0000000000000000 x13: ffff8000816d1530 x12: 00000000000004a4
[ 57.499380] x11: 000000000000018c x10: ffff8000816fd530 x9 : ffff8000816d1530
[ 57.506515] x8 : 00000000fffff7ff x7 : ffff8000816fd530 x6 : 0000000000000001
[ 57.513649] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
[ 57.520782] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0008049b0000
[ 57.527916] Call trace:
[ 57.530354] sst_nor_write_data+0x6c/0x74
[ 57.534361] sst_nor_write+0xb4/0x18c
[ 57.538019] mtd_write_oob_std+0x7c/0x88
[ 57.541941] mtd_write_oob+0x70/0xbc
[ 57.545511] mtd_write+0x68/0xa8
[ 57.548733] mtdchar_write+0x10c/0x290
[ 57.552477] vfs_write+0xb4/0x3a8
[ 57.555791] ksys_write+0x74/0x10c
[ 57.559189] __arm64_sys_write+0x1c/0x28
[ 57.563109] invoke_syscall+0x54/0x11c
[ 57.566856] el0_svc_common.constprop.0+0xc0/0xe0
[ 57.571557] do_el0_svc+0x1c/0x28
[ 57.574868] el0_svc+0x30/0xcc
[ 57.577921] el0t_64_sync_handler+0x120/0x12c
[ 57.582276] el0t_64_sync+0x190/0x194
[ 57.585933] ---[ end trace 0000000000000000 ]---
[pratyush@kernel.org: add Cc stable tag]
AI Analysis
Technical Summary
CVE-2025-21845 is a vulnerability in the Linux kernel's Memory Technology Device (MTD) subsystem, specifically in the SPI-NOR flash driver for SST devices. It originated in commit 18bcb4aa54ea, which refactored the write operation into a common function, sst_nor_write_data(). That change introduced a bug where the function writes only one byte of data regardless of the number of bytes requested, which leads to a kernel crash during write operations to SST SPI-NOR flash devices. The crash is triggered because the driver writes fewer bytes than requested; in the trace this surfaces as the warning "While writing 2 byte written 1 bytes" at drivers/mtd/spi-nor/sst.c:187. The call trace shows the failure in sst_nor_write_data(), reached from the write system call through mtdchar_write(), mtd_write(), mtd_write_oob(), mtd_write_oob_std() and sst_nor_write(). The vulnerability affects Linux kernel versions containing the faulty commit and systems using SST SPI-NOR flash memory devices. While it does not appear to be exploited in the wild yet, it poses a risk of denial of service (DoS) due to kernel crashes during normal write operations. The issue is particularly relevant for embedded systems, industrial devices, and other hardware platforms relying on SST SPI-NOR flash chips managed by the Linux MTD subsystem. No CVSS score has been assigned yet, and no public patches or exploits are currently reported, but the vulnerability is published and recognized by the Linux project.
Potential Impact
For European organizations, the primary impact of CVE-2025-21845 is the risk of system instability and denial of service on devices running vulnerable Linux kernels with SST SPI-NOR flash memory. This can affect critical infrastructure, industrial control systems, telecommunications equipment, and embedded devices commonly used in sectors such as manufacturing, energy, transportation, and IoT deployments. A kernel crash can lead to unexpected downtime, data loss, or interruption of services, which may have cascading effects on operational continuity and safety. Since the vulnerability requires write access to the SPI-NOR flash, exploitation may be limited to local users or processes with sufficient privileges, but in multi-tenant or remotely managed environments, this could be leveraged to disrupt services. European organizations with embedded Linux devices or custom hardware platforms using SST SPI-NOR flash should be particularly vigilant. The impact on confidentiality and integrity is minimal as the vulnerability primarily causes availability issues. However, availability disruptions in critical systems can have severe economic and safety consequences.
Mitigation Recommendations
To mitigate CVE-2025-21845, European organizations should:
1) Identify all Linux systems using SST SPI-NOR flash devices managed by the MTD subsystem, especially embedded and industrial devices.
2) Apply the latest Linux kernel updates or patches that fix the sst_nor_write_data() function to ensure the correct number of bytes are written during flash operations.
3) If immediate patching is not feasible, restrict write operations to the affected devices by limiting access to privileged users and services.
4) Implement monitoring for kernel warnings or crashes related to the SPI-NOR driver to detect potential exploitation or instability early.
5) For custom or embedded Linux distributions, coordinate with vendors or maintainers to backport the fix promptly.
6) Conduct thorough testing of firmware and kernel updates in controlled environments before deployment to avoid regressions.
7) Consider hardware inventory audits to identify devices using SST SPI-NOR flash and evaluate their exposure.
8) Employ robust backup and recovery procedures to minimize downtime impact in case of crashes.
These steps go beyond generic advice by focusing on device-specific identification, access control, monitoring, and vendor coordination.
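For the monitoring step (4), the following is an added example, not part of the original advisory or of the kernel sources: it scans kernel log text for the WARN block that sst_nor_write_data() emits on a short write and extracts the requested and written byte counts, the PID, the command and the kernel version. The function name find_sst_short_writes is hypothetical, and the sample lines are copied from the trace on this page.

```python
import re

# Kernel log lines copied from the trace on this page (register dump omitted).
SAMPLE_LOG = """\
[ 57.400180] ------------[ cut here ]------------
[ 57.404842] While writing 2 byte written 1 bytes
[ 57.409493] WARNING: CPU: 0 PID: 737 at drivers/mtd/spi-nor/sst.c:187 sst_nor_write_data+0x6c/0x74
[ 57.421517] CPU: 0 UID: 0 PID: 737 Comm: mtd_debug Not tainted 6.12.0-g5ad04afd91f9 #30
[ 57.585933] ---[ end trace 0000000000000000 ]---
"""

# search() is used so syslog/journald prefixes before the timestamp are tolerated.
TS = r"\[\s*(?P<ts>\d+\.\d+)\]\s+"
SHORT_WRITE = re.compile(TS + r"While writing (?P<req>\d+) byte written (?P<done>-?\d+) bytes")
WARN_AT = re.compile(TS + r"WARNING: CPU: \d+ PID: (?P<pid>\d+) at (?P<src>\S+) (?P<sym>sst_nor_write_data)\+")
COMM = re.compile(TS + r"CPU: \d+ (?:UID: \d+ )?PID: \d+ Comm: (?P<comm>\S+) .*?(?P<kver>\d+\.\d+\.\d+\S*)")
END = re.compile(TS + r"---\[ end trace")

def find_sst_short_writes(log_text):
    """Return one dict per WARN block raised from sst_nor_write_data()."""
    events, cur = [], None
    for line in log_text.splitlines():
        if "cut here" in line:
            cur = {}                      # a new WARN/BUG block starts
            continue
        if cur is None:
            continue                      # ignore lines outside a block
        if m := SHORT_WRITE.search(line):
            cur.update(ts=float(m["ts"]), requested=int(m["req"]), written=int(m["done"]))
        elif m := WARN_AT.search(line):
            cur.update(pid=int(m["pid"]), source=m["src"], symbol=m["sym"])
        elif m := COMM.search(line):
            cur.update(comm=m["comm"], kernel=m["kver"])
        elif END.search(line):
            # Keep only blocks that carry this driver's signature.
            if cur.get("symbol") == "sst_nor_write_data":
                events.append(cur)
            cur = None
    return events

if __name__ == "__main__":
    for ev in find_sst_short_writes(SAMPLE_LOG):
        print(ev)
```

The kernel version and command recovered per event also help with step 1, since they show which hosts and which tools are writing to the affected flash devices.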
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.778Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9832c4522896dcbe89a4
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 6/30/2025, 9:43:42 AM
Last updated: 8/9/2025, 1:08:27 AM