CVE-2025-21813

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> timers/migration: Fix off-by-one root mis-connection<br /> <br /> Before attaching a new root to the old root, the children counter of the<br /> new root is checked to verify that only the upcoming CPU&amp;#39;s top group have<br /> been connected to it. However since the recently added commit b729cc1ec21a<br /> ("timers/migration: Fix another race between hotplug and idle entry/exit")<br /> this check is not valid anymore because the old root is pre-accounted<br /> as a child to the new root. Therefore after connecting the upcoming<br /> CPU&amp;#39;s top group to the new root, the children count to be expected must<br /> be 2 and not 1 anymore.<br /> <br /> This omission results in the old root to not be connected to the new<br /> root. Then eventually the system may run with more than one top level,<br /> which defeats the purpose of a single idle migrator.<br /> <br /> Also the old root is pre-accounted but not connected upon the new root<br /> creation. But it can be connected to the new root later on. Therefore<br /> the old root may be accounted twice to the new root. The propagation of<br /> such overcommit can end up creating a double final top-level root with a<br /> groupmask incorrectly initialized. Although harmless given that the final<br /> top level roots will never have a parent to walk up to, this oddity<br /> opportunistically reported the core issue:<br /> <br /> WARNING: CPU: 8 PID: 0 at kernel/time/timer_migration.c:543 tmigr_requires_handle_remote<br /> CPU: 8 UID: 0 PID: 0 Comm: swapper/8<br /> RIP: 0010:tmigr_requires_handle_remote<br /> Call Trace:<br /> <br /> ? tmigr_requires_handle_remote<br /> ? hrtimer_run_queues<br /> update_process_times<br /> tick_periodic<br /> tick_handle_periodic<br /> __sysvec_apic_timer_interrupt<br /> sysvec_apic_timer_interrupt<br /> <br /> <br /> Fix the problem by taking the old root into account in the children count<br /> of the new root so the connection is not omitted.<br /> <br /> Also warn when more than one top level group exists to better detect<br /> similar issues in the future.