A use-after-free vulnerability identified as CVE-2025-21887 was discovered in the Linux kernel's OverlayFS implementation, specifically involving improper handling of the dput() operation in ovl_dentry_update_reval. This flaw could potentially allow local attackers to exploit the kernel, but F5 has confirmed that none of its products are affected by this vulnerability. The issue has been resolved in the upstream Linux kernel, and vendors have begun evaluating and addressing the impact on their respective products.
Red Hat and Ubuntu have both issued security advisories urging users and administrators to apply updates to address vulnerabilities in the Linux kernel across multiple supported versions and platforms. These advisories are part of a coordinated response to recent kernel vulnerabilities, including CVE-2025-21887, ensuring that enterprise and cloud environments remain protected. Organizations are encouraged to review vendor-specific guidance and implement the recommended patches to mitigate potential risks associated with this kernel flaw.

4 events from the most recent confirmed update back to the earliest known activity.
F5 released product advisory K000157341 concerning Linux kernel vulnerability CVE-2025-21887, indicating relevance to F5 products or components using the affected kernel. The reference does not include product impact details.
Ubuntu published a security advisory for CVE-2025-21887, signaling that Ubuntu users were notified of the issue and associated fixes or mitigations. No additional technical specifics are provided in the reference.
Red Hat issued a security advisory addressing CVE-2025-21887, indicating affected Red Hat products received or were scheduled to receive remediation guidance. The reference does not include further impact or patch details.
A Linux kernel vulnerability tracked as CVE-2025-21887 was publicly disclosed, as reflected by vendor and government advisory publications. The available references do not provide technical details or an earlier discovery date beyond the advisory publication date.
3 references tracked.