Vulnerability in Linux Kernel Affecting Random Number Generation
CVE-2025-21767

Currently unrated

Key Information:

Vendor: Linux
Status
Vendor
CVE Published: 27 February 2025

Summary

A bug has been identified in the clock source verification process of the Linux kernel. It arises when 'clocksource_verify_choose_cpus()', which selects CPUs based on random numbers, is called with preemption disabled. The call can then attempt to acquire sleeping locks in an atomic context, causing system instability. The resolution uses 'migrate_disable()' so that 'smp_processor_id()' can be used reliably without introducing atomic context, which mitigates the problem and ensures the integrity of random number generation in the kernel.

Affected Version(s)

Linux 7560c02bdffb7c52d1457fa551b9e745d4b9e754 < 852805b6cbdb69c298a8fc9fbe79994c95106e04

Linux 7560c02bdffb7c52d1457fa551b9e745d4b9e754 < 8783ceeee797d9aa9cfe150690fb9d0bac8cc459

Linux 7560c02bdffb7c52d1457fa551b9e745d4b9e754

Timeline

  • Vulnerability published

  • Vulnerability Reserved
