Soft Lockup in Linux Kernel due to Memory Size Configuration
CVE-2025-21851
Summary
A vulnerability exists in the Linux kernel in the handling of the page size configuration on the AArch64 architecture. When CONFIG_PAGE_SIZE_64KB is enabled, a segmentation fault may occur during the execution of arena_map_free(), leading to a soft lockup. The issue arises when an unaligned address is passed to apply_to_pte_range(), which disrupts the memory management flow. The vulnerability has been addressed by ensuring that the address returned by bpf_arena_get_kern_vm_start() is aligned to the page size, which prevents these failures.
Affected Version(s)
Linux 317460317a02a1af512697e6e964298dedd8a163
Linux 317460317a02a1af512697e6e964298dedd8a163 < 787d556a3de447e70964a4bdeba9196f62a62b1e
Linux 317460317a02a1af512697e6e964298dedd8a163 < 517e8a7835e8cfb398a0aeb0133de50e31cae32b