#VU105021 Improper locking in Linux kernel - CVE-2025-21767


Updated: 2025-05-11

Vulnerability identifier: #VU105021

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21767

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the clocksource_verify_percpu() function in kernel/time/clocksource.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7, 6.12.8, 6.12.9, 6.12.10, 6.12.11, 6.12.12, 6.12.13, 6.12.14, 6.12.15


External links
https://git.kernel.org/stable/c/0fb534187d2355f6c8f995321e76d1ccd1262ac1
https://git.kernel.org/stable/c/6bb05a33337b2c842373857b63de5c9bf1ae2a09
https://git.kernel.org/stable/c/852805b6cbdb69c298a8fc9fbe79994c95106e04
https://git.kernel.org/stable/c/8783ceeee797d9aa9cfe150690fb9d0bac8cc459
https://git.kernel.org/stable/c/cc3d79e7c806cb57d71c28a4a35e7d7fb3265faa
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.16


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

