CVE-2025-21855: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21855 is a use-after-free vulnerability discovered in the Linux kernel's IBM Virtual Network Interface Controller (ibmvnic) driver. The vulnerability was disclosed on March 12, 2025, affecting multiple versions of the Linux kernel from version 4.5 through 6.14-rc3. The issue occurs in the network packet transmission process where the driver incorrectly accesses memory after it has been freed (NVD).

The vulnerability stems from a race condition in the ibmvnic_xmit function where the driver attempts to access the skb (socket buffer) length after sending the buffer to VIOS (Virtual I/O Server). After successfully flushing the xmit buffer to VIOS, the tx_bytes statistic is incremented by the length of the skb. However, it becomes invalid to access the skb memory after sending the buffer because VIOS can trigger an interrupt to free this memory at any point. This race condition is particularly noticeable during LPM (Live Partition Mobility) operations. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to a use-after-free condition in the Linux kernel, potentially resulting in system crashes, information disclosure, or privilege escalation. The issue affects systems using the IBM Virtual Network Interface Controller, particularly in virtualized environments where VIOS is employed (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves storing the skb length in a local variable before sending the buffer to VIOS, preventing the use-after-free condition. Multiple stable kernel versions have received the patch, including versions 6.13.5, 6.6.80, 6.12.17, and 6.1.130 (Debian Security).