CVE-2025-21868

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description A vulnerability in the Linux kernel has been resolved, related to the usage of small head cache with large MAX SKB FRAGS values. The issue was reported by Sabrina and is associated with a warning message at net/core/dev.c:6935 in the netif napi add weight locked function. The problem occurs when the kernel is built with MAX SKB FRAGS=45 and SKB WITH OVERHEAD(1024) is smaller than GRO MAX HEAD, triggering the use of the page frag allocator and resulting in a splat. The underlying issue is independent of a mentioned revert and requires ensuring the small head cache fits both TCP and GRO allocation, updating napi alloc skb and netdev alloc skb to select kmalloc usage for allocations fitting the cache.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the vulnerability. As a temporary workaround, consider disabling the netif napi add weight locked function until a patch is available. Restrict access to the vulnerable napi alloc skb and netdev alloc skb functions to minimize the risk of exploitation. Avoid using the MAX SKB FRAGS parameter with large values in the affected kernel versions until the issue is resolved.