CVE-2025-21855
Published: 12 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-21855 is a use-after-free vulnerability in the ibmvnic driver within the Linux kernel. The issue arises because, after successfully flushing a transmit buffer to the VIOS (Virtual I/O Server), the driver increments the tx_bytes statistic by reading the skb->len field. That read is invalid: once the buffer has been handed to the VIOS, the VIOS can raise an interrupt at any point afterward that frees the skb memory. The resulting race condition, seen particularly during low-power mode (LPM), leads to a slab-use-after-free, as evidenced by KASAN reports in ibmvnic_xmit.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation could result in high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution, data corruption, or system crashes via the use-after-free (CWE-416), with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Mitigation involves applying kernel patches from the referenced stable commits, including 093b0e5c9059, 25dddd01dcc8, 501ac6a7e21b, abaff2717470, and bdf5d13aa05e, which resolve the invalid skb reference after sending to VIOS. Security practitioners should update affected Linux kernels, particularly those using the ibmvnic driver on IBM Power systems.
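The defect described above is the general "read the buffer after you gave it away" pattern, and the fix the stable commits apply is the general remedy: copy whatever the statistics need out of the skb before the hand-off. The following user-space simulation is an added illustration, not kernel code and not the referenced patch. The `struct skb`, `send_to_vios`, `skb_len` and `run_xmit` names are constructed stand-ins: `send_to_vios` models the worst-case interleaving (the completion interrupt frees the buffer before the caller resumes) by poisoning the skb, and `skb_len` plays the role KASAN plays in the real report by counting reads of a freed skb.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's struct sk_buff; only the field this
 * CVE concerns is modelled. */
struct skb {
    unsigned int len;
    int freed;          /* set by the simulated completion interrupt */
};

struct netdev_stats {
    uint64_t tx_packets;
    uint64_t tx_bytes;
};

/* Number of reads of a freed skb; stands in for a KASAN report. */
static int uaf_reports;

/* Accessor playing the sanitizer's role: a read of a freed skb is recorded. */
static unsigned int skb_len(const struct skb *s)
{
    if (s->freed)
        uaf_reports++;
    return s->len;
}

/* Simulated hand-off to the VIOS. Once the buffer is flushed, the VIOS owns
 * it and its completion interrupt may free it at any moment; the worst-case
 * interleaving (free before the caller resumes) is modelled here. */
static void send_to_vios(struct skb *s)
{
    s->len = 0xDEADBEEFu;   /* constructed poison: freed memory holds junk */
    s->freed = 1;
}

/* Vulnerable shape: statistics updated from the skb after the hand-off. */
static void xmit_before_fix(struct skb *s, struct netdev_stats *st)
{
    send_to_vios(s);
    st->tx_packets++;
    st->tx_bytes += skb_len(s);     /* reads the skb after it may be freed */
}

/* Hardened shape: everything needed is copied out before the hand-off. */
static void xmit_after_fix(struct skb *s, struct netdev_stats *st)
{
    unsigned int len = skb_len(s);  /* snapshot while we still own the skb */
    send_to_vios(s);
    st->tx_packets++;
    st->tx_bytes += len;            /* no skb dereference after hand-off */
}

/* Bytes the driver counted and how many freed-skb reads the detector saw. */
struct xmit_result {
    uint64_t tx_bytes;
    int uaf_reports;
};

/* Runs one packet of `len` bytes through either variant (fixed != 0 selects
 * the hardened shape) on a fresh skb and fresh statistics. */
struct xmit_result run_xmit(int fixed, unsigned int len)
{
    struct skb s = { len, 0 };
    struct netdev_stats st = { 0, 0 };
    struct xmit_result r;

    uaf_reports = 0;
    if (fixed)
        xmit_after_fix(&s, &st);
    else
        xmit_before_fix(&s, &st);

    r.tx_bytes = st.tx_bytes;
    r.uaf_reports = uaf_reports;
    return r;
}

int main(void)
{
    struct xmit_result a = run_xmit(0, 1500);
    struct xmit_result b = run_xmit(1, 1500);

    printf("before fix: tx_bytes=%llu uaf_reports=%d\n",
           (unsigned long long)a.tx_bytes, a.uaf_reports);
    printf("after fix:  tx_bytes=%llu uaf_reports=%d\n",
           (unsigned long long)b.tx_bytes, b.uaf_reports);
    return 0;
}
```

The vulnerable variant both trips the detector and accounts garbage bytes (the poison value) into tx_bytes; the hardened variant reports nothing and counts the real 1500 bytes. In a real kernel the freed slab object is reused by whoever allocates next, which is why the same read pattern is classed as CWE-416 with integrity and availability impact rather than as a mere statistics bug.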
Details
CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local use-after-free in a Linux kernel driver enables arbitrary code execution, giving privilege escalation from a low-privileged user.