CVE-2025-21851
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix softlockup in arena_map_free on 64k page kernel
On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64.
It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start(). If this address is not page-aligned the code ends up calling apply_to_pte_range() with that unaligned address causing soft lockup.
Fix it by round up GUARD_SZ to PAGE_SIZE << 1 so that the division by 2 in bpf_arena_get_kern_vm_start() returns a page-aligned value.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 317460317a02a1af512697e6e964298dedd8a163 < c1f3f3892d4526f18aaeffdb6068ce861e793ee3 | affected |
| Linux | Linux | 317460317a02a1af512697e6e964298dedd8a163 < 787d556a3de447e70964a4bdeba9196f62a62b1e | affected |
| Linux | Linux | 317460317a02a1af512697e6e964298dedd8a163 < 517e8a7835e8cfb398a0aeb0133de50e31cae32b | affected |
| Linux | Linux | 6.9 | affected |
| Linux | Linux | 0 < 6.9 | unaffected |
| Linux | Linux | 6.12.17 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.5 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/c1f3f3892d4526f18aaeffdb6068ce861e793ee3
- https://git.kernel.org/stable/c/787d556a3de447e70964a4bdeba9196f62a62b1e
- https://git.kernel.org/stable/c/517e8a7835e8cfb398a0aeb0133de50e31cae32b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.