CVE-2025-21933

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> arm: pgtable: fix NULL pointer dereference issue<br /> <br /> When update_mmu_cache_range() is called by update_mmu_cache(), the vmf<br /> parameter is NULL, which will cause a NULL pointer dereference issue in<br /> adjust_pte():<br /> <br /> Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read<br /> Hardware name: Atmel AT91SAM9<br /> PC is at update_mmu_cache_range+0x1e0/0x278<br /> LR is at pte_offset_map_rw_nolock+0x18/0x2c<br /> Call trace:<br /> update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec<br /> remove_migration_pte from rmap_walk_file+0xcc/0x130<br /> rmap_walk_file from remove_migration_ptes+0x90/0xa4<br /> remove_migration_ptes from migrate_pages_batch+0x6d4/0x858<br /> migrate_pages_batch from migrate_pages+0x188/0x488<br /> migrate_pages from compact_zone+0x56c/0x954<br /> compact_zone from compact_node+0x90/0xf0<br /> compact_node from kcompactd+0x1d4/0x204<br /> kcompactd from kthread+0x120/0x12c<br /> kthread from ret_from_fork+0x14/0x38<br /> Exception stack(0xc0d8bfb0 to 0xc0d8bff8)<br /> <br /> To fix it, do not rely on whether &amp;#39;ptl&amp;#39; is equal to decide whether to hold<br /> the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is<br /> enabled. In addition, if two vmas map to the same PTE page, there is no<br /> need to hold the pte lock again, otherwise a deadlock will occur. Just<br /> add the need_lock parameter to let adjust_pte() know this information.