CVE-2025-21889 (GCVE-0-2025-21889)
Vulnerability from cvelistv5
Published
2025-03-27 14:57
Modified
2025-05-04 07:23
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: perf/core: Add RCU read lock protection to perf_iterate_ctx() The perf_iterate_ctx() function performs RCU list traversal but currently lacks RCU read lock protection. This causes lockdep warnings when running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y: WARNING: suspicious RCU usage kernel/events/core.c:8168 RCU-list traversed in non-reader section!! Call Trace: lockdep_rcu_suspicious ? perf_event_addr_filters_apply perf_iterate_ctx perf_event_exec begin_new_exec ? load_elf_phdrs load_elf_binary ? lock_acquire ? find_held_lock ? bprm_execve bprm_execve do_execveat_common.isra.0 __x64_sys_execve do_syscall_64 entry_SYSCALL_64_after_hwframe This protection was previously present but was removed in commit bd2756811766 ("perf: Rewrite core context handling"). Add back the necessary rcu_read_lock()/rcu_read_unlock() pair around perf_iterate_ctx() call in perf_event_exec(). [ mingo: Use scoped_guard() as suggested by Peter ]
References
Impacted products
Vendor Product Version
Linux Linux Version: bd27568117664b8b3e259721393df420ed51f57b
Version: bd27568117664b8b3e259721393df420ed51f57b
Version: bd27568117664b8b3e259721393df420ed51f57b
Version: bd27568117664b8b3e259721393df420ed51f57b
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/events/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f390c2eea571945f357a2d3b9fcb1c015767132e",
              "status": "affected",
              "version": "bd27568117664b8b3e259721393df420ed51f57b",
              "versionType": "git"
            },
            {
              "lessThan": "a2475ccad6120546ea45dbcd6cd1f74dc565ef6b",
              "status": "affected",
              "version": "bd27568117664b8b3e259721393df420ed51f57b",
              "versionType": "git"
            },
            {
              "lessThan": "dd536566dda9a551fc2a2acfab5313a5bb13ed02",
              "status": "affected",
              "version": "bd27568117664b8b3e259721393df420ed51f57b",
              "versionType": "git"
            },
            {
              "lessThan": "0fe8813baf4b2e865d3b2c735ce1a15b86002c74",
              "status": "affected",
              "version": "bd27568117664b8b3e259721393df420ed51f57b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/events/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.81",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.18",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.6",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Add RCU read lock protection to perf_iterate_ctx()\n\nThe perf_iterate_ctx() function performs RCU list traversal but\ncurrently lacks RCU read lock protection. This causes lockdep warnings\nwhen running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y:\n\n\tWARNING: suspicious RCU usage\n\tkernel/events/core.c:8168 RCU-list traversed in non-reader section!!\n\n\t Call Trace:\n\t  lockdep_rcu_suspicious\n\t  ? perf_event_addr_filters_apply\n\t  perf_iterate_ctx\n\t  perf_event_exec\n\t  begin_new_exec\n\t  ? load_elf_phdrs\n\t  load_elf_binary\n\t  ? lock_acquire\n\t  ? find_held_lock\n\t  ? bprm_execve\n\t  bprm_execve\n\t  do_execveat_common.isra.0\n\t  __x64_sys_execve\n\t  do_syscall_64\n\t  entry_SYSCALL_64_after_hwframe\n\nThis protection was previously present but was removed in commit\nbd2756811766 (\"perf: Rewrite core context handling\"). Add back the\nnecessary rcu_read_lock()/rcu_read_unlock() pair around\nperf_iterate_ctx() call in perf_event_exec().\n\n[ mingo: Use scoped_guard() as suggested by Peter ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:23:24.688Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f390c2eea571945f357a2d3b9fcb1c015767132e"
        },
        {
          "url": "https://git.kernel.org/stable/c/a2475ccad6120546ea45dbcd6cd1f74dc565ef6b"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd536566dda9a551fc2a2acfab5313a5bb13ed02"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fe8813baf4b2e865d3b2c735ce1a15b86002c74"
        }
      ],
      "title": "perf/core: Add RCU read lock protection to perf_iterate_ctx()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21889",
    "datePublished": "2025-03-27T14:57:15.897Z",
    "dateReserved": "2024-12-29T08:45:45.782Z",
    "dateUpdated": "2025-05-04T07:23:24.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-21889\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-03-27T15:15:56.820\",\"lastModified\":\"2025-10-29T16:55:49.643\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nperf/core: Add RCU read lock protection to perf_iterate_ctx()\\n\\nThe perf_iterate_ctx() function performs RCU list traversal but\\ncurrently lacks RCU read lock protection. This causes lockdep warnings\\nwhen running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y:\\n\\n\\tWARNING: suspicious RCU usage\\n\\tkernel/events/core.c:8168 RCU-list traversed in non-reader section!!\\n\\n\\t Call Trace:\\n\\t  lockdep_rcu_suspicious\\n\\t  ? perf_event_addr_filters_apply\\n\\t  perf_iterate_ctx\\n\\t  perf_event_exec\\n\\t  begin_new_exec\\n\\t  ? load_elf_phdrs\\n\\t  load_elf_binary\\n\\t  ? lock_acquire\\n\\t  ? find_held_lock\\n\\t  ? bprm_execve\\n\\t  bprm_execve\\n\\t  do_execveat_common.isra.0\\n\\t  __x64_sys_execve\\n\\t  do_syscall_64\\n\\t  entry_SYSCALL_64_after_hwframe\\n\\nThis protection was previously present but was removed in commit\\nbd2756811766 (\\\"perf: Rewrite core context handling\\\"). Add back the\\nnecessary rcu_read_lock()/rcu_read_unlock() pair around\\nperf_iterate_ctx() call in perf_event_exec().\\n\\n[ mingo: Use scoped_guard() as suggested by Peter ]\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/core: A\u00f1adir protecci\u00f3n de bloqueo de lectura de RCU a perf_iterate_ctx(). La funci\u00f3n perf_iterate_ctx() recorre la lista de RCU, pero actualmente carece de protecci\u00f3n de bloqueo de lectura de RCU. Esto genera advertencias de lockdep al ejecutar perf probe con unshare(1) en CONFIG_PROVE_RCU_LIST=y: ADVERTENCIA: uso sospechoso de RCU kernel/events/core.c:8168 \u00a1Lista de RCU recorrida en la secci\u00f3n de no lectura! Rastreo de llamadas: lockdep_rcu_suspicious ? perf_event_addr_filters_apply perf_iterate_ctx perf_event_exec begin_new_exec ? load_elf_phdrs load_elf_binary ? lock_acquire ? find_held_lock ? bprm_execve bprm_execve do_execveat_common.isra.0 __x64_sys_execve do_syscall_64 entry_SYSCALL_64_after_hwframe Esta protecci\u00f3n ya exist\u00eda, pero se elimin\u00f3 en la confirmaci\u00f3n bd2756811766 (\\\"perf: Reescribir la gesti\u00f3n del contexto principal\\\"). Se ha a\u00f1adido de nuevo el par necesario rcu_read_lock()/rcu_read_unlock() en la llamada a perf_iterate_ctx() en perf_event_exec(). [mingo: Usar scoped_guard() como sugiri\u00f3 Peter]\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.81\",\"matchCriteriaId\":\"8C92C9CD-2ADE-412E-A7FF-DC9E0630B25D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.18\",\"matchCriteriaId\":\"3D5C8D9A-4013-4C1A-810F-AA540BB5737C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.13.6\",\"matchCriteriaId\":\"64F12D9B-71C2-4CD7-A288-0D5EF1709620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"186716B6-2B66-4BD0-852E-D48E71C0C85F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D3E781C-403A-498F-9DA9-ECEE50F41E75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"66619FB8-0AAF-4166-B2CF-67B24143261D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3D6550E-6679-4560-902D-AF52DCFE905B\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0fe8813baf4b2e865d3b2c735ce1a15b86002c74\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a2475ccad6120546ea45dbcd6cd1f74dc565ef6b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dd536566dda9a551fc2a2acfab5313a5bb13ed02\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f390c2eea571945f357a2d3b9fcb1c015767132e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.