CVE-2025-21803 — Improper Synchronization in Linux

CWE-662 — Improper Synchronization CWE-416 — Use After Free6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 71.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +4 more

Timeline

PublishedFeb 27

Description

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix warnings during S3 suspend The enable_gpe_wakeup() function calls acpi_enable_all_wakeup_gpes(), and the later one may call the preempt_schedule_common() function, resulting in a thread switch and causing the CPU to be in an interrupt enabled state after the enable_gpe_wakeup() function returns, leading to the warnings as follow. [ C0] WARNING: ... at kernel/time/timekeeping.c:845 ktime_get+0xbc/0xc8 [ C0] ... …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶NVDlinux/linux_kernel6.2 — 6.6.76+2

▶Debianlinux/linux_kernel< 6.12.13-1+1

▶msrcmsrc/azl3_kernel_6.6.35.1-4_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.92.2-1_on_azure_linux_3.0

▶msrcmsrc/cbl2_kernel_5.15.158.1-1_on_cbl_mariner_2.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-3vq2-wj5j-j897: In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix warnings during S3 suspend The enable_gpe_wakeup() function calls↗2025-02-27

▶

OSV

CVE-2025-21803: In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix warnings during S3 suspend The enable_gpe_wakeup() function calls a↗2025-02-27

▶

📋Vendor Advisories

Red Hat

kernel: LoongArch: Fix warnings during S3 suspend↗2025-02-27

▶

Debian

CVE-2025-21803: linux - In the Linux kernel, the following vulnerability has been resolved: LoongArch: ...↗2025

▶

Microsoft

Possible UAF in bt_accept_poll in Linux kernel↗2024-01-09

▶