fkie_cve-2025-21931
Vulnerability from fkie_nvd
Published
2025-04-01 16:15
Modified
2025-11-03 20:17
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3926b572fd073491bde13ec42ee08ac1b337bf4dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/576a2f4c437c19bec7d05d05b5990f178d2b0f40Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/629dfc6ba5431056701d4e44830f3409b989955aPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/93df6da64b004f75d307ed08d3f0f1020280d339Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/af288a426c3e3552b62595c6138ec6371a17dbbaPatch
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.14
linux linux_kernel 6.14
linux linux_kernel 6.14
linux linux_kernel 6.14
linux linux_kernel 6.14


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC72572-6E9C-4CEB-A7BB-84CE93B9D275",
              "versionEndExcluding": "3.17",
              "versionStartIncluding": "3.16.65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D2CF938-4FA1-416D-AC49-F221731F57ED",
              "versionEndExcluding": "4.5",
              "versionStartIncluding": "4.4.170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A45CD2E-4AEB-4D99-A98B-6A891F0A7E72",
              "versionEndExcluding": "4.10",
              "versionStartIncluding": "4.9.150",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E000738-63FA-4C36-AB82-D9B674F67599",
              "versionEndExcluding": "4.15",
              "versionStartIncluding": "4.14.93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EFA510A-7BCB-464E-B2C2-5A61D6E31F58",
              "versionEndExcluding": "4.20",
              "versionStartIncluding": "4.19.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "318103BF-7584-4CC8-AB20-118945CF7244",
              "versionEndExcluding": "6.1.140",
              "versionStartIncluding": "4.20.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7787FD66-D748-44AF-A052-DE495E1E23AE",
              "versionEndExcluding": "6.6.92",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "32865E5C-8AE1-4D3D-A64D-299039694A88",
              "versionEndExcluding": "6.12.19",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "842F5A44-3E71-4546-B4FD-43B0ACE3F32B",
              "versionEndExcluding": "6.13.7",
              "versionStartIncluding": "6.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "66619FB8-0AAF-4166-B2CF-67B24143261D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D3D6550E-6679-4560-902D-AF52DCFE905B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "45B90F6B-BEC7-4D4E-883A-9DBADE021750",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio\n\nCommit b15c87263a69 (\"hwpoison, memory_hotplug: allow hwpoisoned pages to\nbe offlined) add page poison checks in do_migrate_range in order to make\noffline hwpoisoned page possible by introducing isolate_lru_page and\ntry_to_unmap for hwpoisoned page.  However folio lock must be held before\ncalling try_to_unmap.  Add it to fix this problem.\n\nWarning will be produced if folio is not locked during unmap:\n\n  ------------[ cut here ]------------\n  kernel BUG at ./include/linux/swapops.h:400!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G        W          6.13.0-rc1-00016-g3c434c7ee82a-dirty #41\n  Tainted: [W]=WARN\n  Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n  pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : try_to_unmap_one+0xb08/0xd3c\n  lr : try_to_unmap_one+0x3dc/0xd3c\n  Call trace:\n   try_to_unmap_one+0xb08/0xd3c (P)\n   try_to_unmap_one+0x3dc/0xd3c (L)\n   rmap_walk_anon+0xdc/0x1f8\n   rmap_walk+0x3c/0x58\n   try_to_unmap+0x88/0x90\n   unmap_poisoned_folio+0x30/0xa8\n   do_migrate_range+0x4a0/0x568\n   offline_pages+0x5a4/0x670\n   memory_block_action+0x17c/0x374\n   memory_subsys_offline+0x3c/0x78\n   device_offline+0xa4/0xd0\n   state_store+0x8c/0xf0\n   dev_attr_store+0x18/0x2c\n   sysfs_kf_write+0x44/0x54\n   kernfs_fop_write_iter+0x118/0x1a8\n   vfs_write+0x3a8/0x4bc\n   ksys_write+0x6c/0xf8\n   __arm64_sys_write+0x1c/0x28\n   invoke_syscall+0x44/0x100\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x30/0xd0\n   el0t_64_sync_handler+0xc8/0xcc\n   el0t_64_sync+0x198/0x19c\n  Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000)\n  ---[ end trace 0000000000000000 ]---"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwpoison, memory_hotplug: bloquear folio antes de desasignar folio hwpoisoned Commit b15c87263a69 (\"hwpoison, memory_hotplug: permitir que las p\u00e1ginas hwpoisoned se desconecten\") a\u00f1adir comprobaciones de envenenamiento de p\u00e1gina en do_migrate_range para posibilitar la desconexi\u00f3n de la p\u00e1gina hwpoisoned mediante la introducci\u00f3n de insulation_lru_page y try_to_unmap para la p\u00e1gina hwpoisoned. Sin embargo, el bloqueo de folio debe mantenerse antes de llamar a try_to_unmap. A\u00f1adir esto para solucionar este problema. Se producir\u00e1 una advertencia si el folio no se bloquea durante la desasignaci\u00f3n: ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en ./include/linux/swapops.h:400! Error interno: Oops - ERROR: 00000000f2000800 [#1] PREEMPT M\u00f3dulos SMP vinculados en: CPU: 4 UID: 0 PID: 411 Comm: bash Contaminado: GW 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Contaminado: [W]=WARN Nombre del hardware: QEMU M\u00e1quina virtual QEMU, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Rastreo de llamadas: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invocar_llamada_al_sistema+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c C\u00f3digo: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ fin de seguimiento 0000000000000000 ]---"
    }
  ],
  "id": "CVE-2025-21931",
  "lastModified": "2025-11-03T20:17:29.303",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-04-01T16:15:23.933",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3926b572fd073491bde13ec42ee08ac1b337bf4d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/576a2f4c437c19bec7d05d05b5990f178d2b0f40"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/629dfc6ba5431056701d4e44830f3409b989955a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/93df6da64b004f75d307ed08d3f0f1020280d339"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/af288a426c3e3552b62595c6138ec6371a17dbba"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.