| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025031213-CVE-2025-21851-87bd@gregkh> Date: Wed, 12 Mar 2025 10:42:17 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2025-21851: bpf: Fix softlockup in arena_map_free on 64k page kernel Description =========== In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start(). If this address is not page-aligned the code ends up calling apply_to_pte_range() with that unaligned address causing soft lockup. Fix it by round up GUARD_SZ to PAGE_SIZE << 1 so that the division by 2 in bpf_arena_get_kern_vm_start() returns a page-aligned value. The Linux kernel CVE team has assigned CVE-2025-21851 to this issue. Affected and fixed versions =========================== Issue introduced in 6.9 with commit 317460317a02a1af512697e6e964298dedd8a163 and fixed in 6.12.17 with commit c1f3f3892d4526f18aaeffdb6068ce861e793ee3 Issue introduced in 6.9 with commit 317460317a02a1af512697e6e964298dedd8a163 and fixed in 6.13.5 with commit 787d556a3de447e70964a4bdeba9196f62a62b1e Issue introduced in 6.9 with commit 317460317a02a1af512697e6e964298dedd8a163 and fixed in 6.14-rc4 with commit 517e8a7835e8cfb398a0aeb0133de50e31cae32b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-21851 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/bpf/arena.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c1f3f3892d4526f18aaeffdb6068ce861e793ee3 https://git.kernel.org/stable/c/787d556a3de447e70964a4bdeba9196f62a62b1e https://git.kernel.org/stable/c/517e8a7835e8cfb398a0aeb0133de50e31cae32b
Powered by blists - more mailing lists