Linux Kernel Hrtimer Vulnerability in CPU Hotplug Process
CVE-2025-21816

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 27 February 2025

Summary

A vulnerability exists in the Linux kernel related to the handling of high-resolution timers (hrtimers) during CPU hotplug events. When a CPU is being unplugged, if hrtimers are queued, they can sometimes still be triggered by the departing CPU, potentially resulting in timers being set for an offline CPU. This issue can lead to unexpected behavior, especially in real-time scheduling contexts, where the system might not respond as intended. To mitigate the risks associated with this vulnerability, improvements should be made in the hrtimer infrastructure, ensuring that timers are always migrated away from an offline CPU to an active one. This adjustment could eliminate the need for complex workarounds that have been proposed in the past.

Affected Version(s)

Linux 5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94

Linux 5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94 < 2aecec58e9040ce3d2694707889f9914a2374955

Linux 5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94 < 53dac345395c0d2493cbc2f4c85fe38aef5b63f5

Timeline

  • Vulnerability published

  • Vulnerability Reserved
