CVE-2025-21949

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 01/04/2025
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: Set hugetlb mmap base address aligned with pmd size

With ltp test case "testcases/bin/hugefork02", there is a dmesg error
report message such as:

kernel BUG at mm/hugetlb.c:5550!
Oops - BUG[#1]:
CPU: 0 UID: 0 PID: 1517 Comm: hugefork02 Not tainted 6.14.0-rc2+ #241
Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022
pc 90000000004eaf1c ra 9000000000485538 tp 900000010edbc000 sp 900000010edbf940
a0 900000010edbfb00 a1 9000000108d20280 a2 00007fffe9474000 a3 00007ffff3474000
a4 0000000000000000 a5 0000000000000003 a6 00000000003cadd3 a7 0000000000000000
t0 0000000001ffffff t1 0000000001474000 t2 900000010ecd7900 t3 00007fffe9474000
t4 00007fffe9474000 t5 0000000000000040 t6 900000010edbfb00 t7 0000000000000001
t8 0000000000000005 u0 90000000004849d0 s9 900000010edbfa00 s0 9000000108d20280
s1 00007fffe9474000 s2 0000000002000000 s3 9000000108d20280 s4 9000000002b38b10
s5 900000010edbfb00 s6 00007ffff3474000 s7 0000000000000406 s8 900000010edbfa08
ra: 9000000000485538 unmap_vmas+0x130/0x218
ERA: 90000000004eaf1c __unmap_hugepage_range+0x6f4/0x7d0
PRMD: 00000004 (PPLV0 +PIE -PWE)
EUEN: 00000007 (+FPE +SXE +ASXE -BTE)
ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)
ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)
PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)
Process hugefork02 (pid: 1517, threadinfo=00000000a670eaf4, task=000000007a95fc64)
Call Trace:
[] __unmap_hugepage_range+0x6f4/0x7d0
[] unmap_vmas+0x12c/0x218
[] exit_mmap+0xe0/0x308
[] mmput+0x74/0x180
[] do_exit+0x294/0x898
[] do_group_exit+0x30/0x98
[] get_signal+0x83c/0x868
[] arch_do_signal_or_restart+0x54/0xfa0
[] irqentry_exit_to_user_mode+0xb8/0x138
[] tlb_do_page_fault_1+0x114/0x1b4

The problem is that base address allocated from hugetlbfs is not aligned
with pmd size. Here add a check for hugetlbfs and align base address
with pmd size. After this patch the test case "testcases/bin/hugefork02"
passes to run.

This is similar to the commit 7f24cbc9c4d42db8a3c8484d1 ("mm/mmap: teach
generic_get_unmapped_area{_topdown} to handle hugetlb mappings").
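The misalignment the description names can be read straight out of the register dump. The following triage script is an added example, not part of the CVE record or the kernel patch. It assumes that a2 and a3 hold the start and end of the range being unmapped and that s2 holds the huge page (pmd) size; those roles are this example's reading of the dump, not something the record states.

```python
import re

# Constructed sample: selected lines copied from the dmesg report in the description.
SAMPLE_OOPS = """\
kernel BUG at mm/hugetlb.c:5550!
pc 90000000004eaf1c ra 9000000000485538 tp 900000010edbc000 sp 900000010edbf940
a0 900000010edbfb00 a1 9000000108d20280 a2 00007fffe9474000 a3 00007ffff3474000
s1 00007fffe9474000 s2 0000000002000000 s3 9000000108d20280 s4 9000000002b38b10
ERA: 90000000004eaf1c __unmap_hugepage_range+0x6f4/0x7d0
"""

# LoongArch register dump entries look like "a2 00007fffe9474000".
REG_RE = re.compile(r"\b([a-z]{1,2}\d?) ([0-9a-f]{16})\b")


def parse_oops(text):
    """Extract the BUG site, the faulting symbol and the register values."""
    bug = re.search(r"kernel BUG at (\S+):(\d+)!", text)
    era = re.search(r"^ERA:\s+[0-9a-f]+\s+(\w+)\+", text, re.M)
    regs = {name: int(value, 16) for name, value in REG_RE.findall(text)}
    site = (bug.group(1), int(bug.group(2))) if bug else None
    return site, (era.group(1) if era else None), regs


def triage(text, start_reg="a2", end_reg="a3", size_reg="s2"):
    """Report how far the range bounds sit from a huge-page boundary.

    The register roles are assumptions of this example, not kernel facts.
    """
    site, symbol, regs = parse_oops(text)
    size = regs[size_reg]
    if size == 0 or size & (size - 1):
        raise ValueError(f"{size_reg} does not hold a power-of-two size")
    start, end = regs[start_reg], regs[end_reg]
    pages, remainder = divmod(end - start, size)
    return {
        "bug_site": site,
        "symbol": symbol,
        "size": size,
        "start_offset": start & (size - 1),  # 0 would mean aligned
        "end_offset": end & (size - 1),
        "whole_huge_pages": pages if remainder == 0 else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_OOPS).items():
        print(key, hex(value) if isinstance(value, int) else value)
```

In the full dump, t0 (0x1ffffff) and t1 (0x1474000) equal the size minus one and the computed start offset, which supports this reading of the registers.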

Vulnerable products and versions

CPE                                                  From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         5.19 (including)   6.13.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*