CVE-2025-21851

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix softlockup in arena_map_free on 64k page kernel

On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64.

It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start(). If this address is not page-aligned the code ends up calling apply_to_pte_range() with that unaligned address causing soft lockup.

Fix it by round up GUARD_SZ to PAGE_SIZE << 1 so that the division by 2 in bpf_arena_get_kern_vm_start() returns a page-aligned value.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux317460317a02a1af512697e6e964298dedd8a163 < c1f3f3892d4526f18aaeffdb6068ce861e793ee3affected
LinuxLinux317460317a02a1af512697e6e964298dedd8a163 < 787d556a3de447e70964a4bdeba9196f62a62b1eaffected
LinuxLinux317460317a02a1af512697e6e964298dedd8a163 < 517e8a7835e8cfb398a0aeb0133de50e31cae32baffected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.12.17 <= 6.12.*unaffected
LinuxLinux6.13.5 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References