CVE-2025-21931

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/04/2025
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio

Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined") add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem.

Warning will be produced if folio is not locked during unmap:

------------[ cut here ]------------
kernel BUG at ./include/linux/swapops.h:400!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41
Tainted: [W]=WARN
Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : try_to_unmap_one+0xb08/0xd3c
lr : try_to_unmap_one+0x3dc/0xd3c
Call trace:
 try_to_unmap_one+0xb08/0xd3c (P)
 try_to_unmap_one+0x3dc/0xd3c (L)
 rmap_walk_anon+0xdc/0x1f8
 rmap_walk+0x3c/0x58
 try_to_unmap+0x88/0x90
 unmap_poisoned_folio+0x30/0xa8
 do_migrate_range+0x4a0/0x568
 offline_pages+0x5a4/0x670
 memory_block_action+0x17c/0x374
 memory_subsys_offline+0x3c/0x78
 device_offline+0xa4/0xd0
 state_store+0x8c/0xf0
 dev_attr_store+0x18/0x2c
 sysfs_kf_write+0x44/0x54
 kernfs_fop_write_iter+0x118/0x1a8
 vfs_write+0x3a8/0x4bc
 ksys_write+0x6c/0xf8
 __arm64_sys_write+0x1c/0x28
 invoke_syscall+0x44/0x100
 el0_svc_common.constprop.0+0x40/0xe0
 do_el0_svc+0x1c/0x28
 el0_svc+0x30/0xd0
 el0t_64_sync_handler+0xc8/0xcc
 el0t_64_sync+0x198/0x19c
Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000)
---[ end trace 0000000000000000 ]---
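A log check for the oops quoted above, as an added example that is not part of the advisory or the kernel patch: it scans kernel log text for a BUG whose call trace contains the frames from this report in call order. The frame names and the shortened sample trace come from the advisory; `oops_blocks` and `match_cve_2025_21931` are hypothetical helper names.

```python
import re

# Frames taken from the advisory's call trace, innermost first: memory offlining
# (do_migrate_range) unmaps a hwpoisoned folio and hits the BUG under try_to_unmap.
SIGNATURE = ("try_to_unmap_one", "try_to_unmap", "unmap_poisoned_folio",
             "do_migrate_range", "offline_pages")
FRAME = re.compile(r"\b([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
BUG = re.compile(r"kernel BUG at (\S+?):(\d+)!")

def oops_blocks(lines):
    """Yield the lines of each oops, delimited by 'cut here' / 'end trace'."""
    block = None
    for line in lines:
        if "[ cut here ]" in line:
            block = []
        elif block is not None:
            block.append(line)
            if "[ end trace" in line:
                yield block
                block = None
    if block:  # log truncated before 'end trace': still examine it
        yield block

def match_cve_2025_21931(lines):
    """Return one finding per oops whose stack contains SIGNATURE in order."""
    findings = []
    for block in oops_blocks(lines):
        bug = next((m for m in map(BUG.search, block) if m), None)
        frames = iter(f for l in block for f in FRAME.findall(l))
        # 'name in frames' consumes the iterator, which enforces call order
        if bug and all(name in frames for name in SIGNATURE):
            findings.append({"bug_at": bug.group(1), "line": int(bug.group(2))})
    return findings

# Shortened copy of the trace in the advisory (frames above the sysfs write omitted)
ADVISORY_TRACE = """\
------------[ cut here ]------------
kernel BUG at ./include/linux/swapops.h:400!
Call trace:
 try_to_unmap_one+0xb08/0xd3c (P)
 rmap_walk+0x3c/0x58
 try_to_unmap+0x88/0x90
 unmap_poisoned_folio+0x30/0xa8
 do_migrate_range+0x4a0/0x568
 offline_pages+0x5a4/0x670
---[ end trace 0000000000000000 ]---
""".splitlines()
```

A match indicates only that the host hit this code path during memory offlining; whether the running kernel carries the fix still has to be confirmed against the vendor's changelog, since distribution kernels backport patches without changing the upstream version number.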

Vulnerable products and versions

| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.16.65 (including) | 3.17 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.4.170 (including) | 4.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.150 (including) | 4.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.93 (including) | 4.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.15 (including) | 4.20 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20.2 (including) | 6.1.140 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.92 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:* | | |