Linux Kernel Namespace Crash Vulnerability in NVMe Products - Vendor Linux
CVE-2025-21850

5.5 MEDIUM

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 12 March 2025

Summary

A vulnerability in the Linux kernel can crash the system when a namespace is disabled in NVMe products. The issue arises from improper handling of the per-CPU counter: if the namespace is disabled before all pending I/Os have completed, the result is a general protection fault that manifests as a null pointer dereference. The vulnerability underscores the importance of ensuring that counters are correctly initialized and monitored during namespace management to prevent system instability.

Affected Version(s)

Linux 74d16965d7ac378d28ebd833ae6d6a097186a4ec

Linux 74d16965d7ac378d28ebd833ae6d6a097186a4ec < 4082326807072b71496501b6a0c55ffe8d5092a5

Linux 6.13

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
