CVE-2025-21767
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context
The following bug report happened with a PREEMPT_RT kernel:
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 get_random_u32+0x4f/0x110 clocksource_verify_choose_cpus+0xab/0x1a0 clocksource_verify_percpu.part.0+0x6b/0x330 clocksource_watchdog_kthread+0x193/0x1a0
It is due to the fact that clocksource_verify_choose_cpus() is invoked with preemption disabled. This function invokes get_random_u32() to obtain random numbers for choosing CPUs. The batched_entropy_32 local lock and/or the base_crng.lock spinlock in driver/char/random.c will be acquired during the call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot be acquired in atomic context.
Fix this problem by using migrate_disable() to allow smp_processor_id() to be reliably used without introducing atomic context. preempt_disable() is then called after clocksource_verify_choose_cpus() but before the clocksource measurement is being run to avoid introducing unexpected latency.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d9b40ebd448e437ffbc65f013836f98252279a82 < d9c217fadfcff7a8df58567517d1e4253f3fd243 | affected |
| Linux | Linux | 7560c02bdffb7c52d1457fa551b9e745d4b9e754 < 60f54f0d4ea530950549a8263e6fdd70a40490a4 | affected |
| Linux | Linux | 7560c02bdffb7c52d1457fa551b9e745d4b9e754 < 852805b6cbdb69c298a8fc9fbe79994c95106e04 | affected |
| Linux | Linux | 7560c02bdffb7c52d1457fa551b9e745d4b9e754 < 8783ceeee797d9aa9cfe150690fb9d0bac8cc459 | affected |
| Linux | Linux | 7560c02bdffb7c52d1457fa551b9e745d4b9e754 < cc3d79e7c806cb57d71c28a4a35e7d7fb3265faa | affected |
| Linux | Linux | 7560c02bdffb7c52d1457fa551b9e745d4b9e754 < 0fb534187d2355f6c8f995321e76d1ccd1262ac1 | affected |
| Linux | Linux | 7560c02bdffb7c52d1457fa551b9e745d4b9e754 < 6bb05a33337b2c842373857b63de5c9bf1ae2a09 | affected |
| Linux | Linux | 193e14e68e907b2a7a936a7726accbaa4df25a4d | affected |
| Linux | Linux | 155d3c5d24ee13cafa6236b49fc02b240a511d59 | affected |
| Linux | Linux | 5.10.50 < 5.10.235 | affected |
| Linux | Linux | 5.12.17 < 5.13 | affected |
| Linux | Linux | 5.13.2 < 5.14 | affected |
| Linux | Linux | 5.14 | affected |
| Linux | Linux | 0 < 5.14 | unaffected |
| Linux | Linux | 5.10.235 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.179 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.129 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.79 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.16 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.4 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Additional References
References
- https://git.kernel.org/stable/c/d9c217fadfcff7a8df58567517d1e4253f3fd243
- https://git.kernel.org/stable/c/60f54f0d4ea530950549a8263e6fdd70a40490a4
- https://git.kernel.org/stable/c/852805b6cbdb69c298a8fc9fbe79994c95106e04
- https://git.kernel.org/stable/c/8783ceeee797d9aa9cfe150690fb9d0bac8cc459
- https://git.kernel.org/stable/c/cc3d79e7c806cb57d71c28a4a35e7d7fb3265faa
- https://git.kernel.org/stable/c/0fb534187d2355f6c8f995321e76d1ccd1262ac1
- https://git.kernel.org/stable/c/6bb05a33337b2c842373857b63de5c9bf1ae2a09
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.