CVE-2025-21851
- Source
- https://cve.org/CVERecord?id=CVE-2025-21851
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21851.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21851
- Downstream
- Related
- Published
- 2025-03-12T09:42:06.480Z
- Modified
- 2026-05-15T11:53:40.813473376Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- bpf: Fix softlockup in arena_map_free on 64k page kernel
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix softlockup in arenamapfree on 64k page kernel
On an aarch64 kernel with CONFIGPAGESIZE64KB=y, arenahtab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64.
It turns out arenamapfree() is calling applytoexistingpagerange() with the address returned by bpfarenagetkernvmstart(). If this address is not page-aligned the code ends up calling applytopterange() with that unaligned address causing soft lockup.
Fix it by round up GUARDSZ to PAGESIZE << 1 so that the division by 2 in bpfarenagetkernvm_start() returns a page-aligned value.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21851.json" }- References
-
- https://git.kernel.org/stable/c/517e8a7835e8cfb398a0aeb0133de50e31cae32b
- https://git.kernel.org/stable/c/787d556a3de447e70964a4bdeba9196f62a62b1e
- https://git.kernel.org/stable/c/c1f3f3892d4526f18aaeffdb6068ce861e793ee3
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21851.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-21851
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git