CVE-2025-21851 — Improper Locking in Linux
Severity
3.3 LOW (NVD)
EPSS
0.0%
top 99.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 12
Latest update: May 28
Description
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix softlockup in arena_map_free on 64k page kernel
On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y,
arena_htab tests cause a segmentation fault and soft lockup.
The same failure is not observed with 4k pages on aarch64.
It turns out arena_map_free() is calling
apply_to_existing_page_range() with the address returned by
bpf_arena_get_kern_vm_start(). If this address is not page-aligned
the code ends up calling apply_to…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 1.8 | Impact: 1.4
Affected Packages: 4 packages
CVEListV5: linux/linux 317460317a02a1af512697e6e964298dedd8a163 to c1f3f3892d4526f18aaeffdb6068ce861e793ee3 (+3)
Patches
Vulnerability Details (5)
OSV: linux, linux-azure, linux-azure-6.11, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oem-6.11, linux-raspi, linux-realtime vulnerabilities (2025-05-20)
OSV: CVE-2025-21851: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with (2025-03-12)
GHSA: GHSA-hc84-56cx-wr29: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel wi (2025-03-12)
Vendor Advisories (5)
Debian: CVE-2025-21851: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix so... (2025)