3.3
CVE-2025-21851
- EPSS 0.15%
- Veröffentlicht 12.03.2025 09:42:06
- Zuletzt bearbeitet 01.10.2025 20:18:29
- CVE-Watchlists
- Unerledigt
bpf: Fix softlockup in arena_map_free on 64k page kernel
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start(). If this address is not page-aligned the code ends up calling apply_to_pte_range() with that unaligned address causing soft lockup. Fix it by round up GUARD_SZ to PAGE_SIZE << 1 so that the division by 2 in bpf_arena_get_kern_vm_start() returns a page-aligned value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.9 < 6.12.17
Linux ≫ Linux Kernel Version >= 6.13 < 6.13.5
Linux ≫ Linux Kernel Version6.9 Update-
Linux ≫ Linux Kernel Version6.14 Updaterc1
Linux ≫ Linux Kernel Version6.14 Updaterc2
Linux ≫ Linux Kernel Version6.14 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.042 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
https://git.kernel.org/stable/c/c1f3f3892d4526f18aaeffdb6068ce861e793ee3
https://git.kernel.org/stable/c/787d556a3de447e70964a4bdeba9196f62a62b1e
https://git.kernel.org/stable/c/517e8a7835e8cfb398a0aeb0133de50e31cae32b