CVE-2025-21871
- Source
- https://cve.org/CVERecord?id=CVE-2025-21871
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21871.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21871
- Downstream
- Related
- Published
- 2025-03-27T13:38:23.461Z
- Modified
- 2026-05-28T03:55:29.580970639Z
- Summary
- tee: optee: Fix supplicant wait loop
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tee: optee: Fix supplicant wait loop
OP-TEE supplicant is a user-space daemon and it's possible for it be hung or crashed or killed in the middle of processing an OP-TEE RPC call. It becomes more complicated when there is incorrect shutdown ordering of the supplicant process vs the OP-TEE client application which can eventually lead to system hang-up waiting for the closure of the client application.
Allow the client process waiting in kernel for supplicant response to be killed rather than indefinitely waiting in an unkillable state. Also, a normal uninterruptible wait should not have resulted in the hung-task watchdog getting triggered, but the endless loop would.
This fixes issues observed during system reboot/shutdown when supplicant got hung for some reason or gets crashed/killed which lead to client getting hung in an unkillable state. It in turn lead to system being in hung up state requiring hard power off/on to recover.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21871.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/0180cf0373f84fff61b16f8c062553a13dd7cfca
- https://git.kernel.org/stable/c/21234efe2a8474a6d2d01ea9573319de7858ce44
- https://git.kernel.org/stable/c/3eb4911364c764572e9db4ab900a57689a54e8ce
- https://git.kernel.org/stable/c/70b0d6b0a199c5a3ee6c72f5e61681ed6f759612
- https://git.kernel.org/stable/c/c0a9a948159153be145f9471435695373904ee6d
- https://git.kernel.org/stable/c/d61cc1a435e6894bfb0dd3370c6f765d2d12825d
- https://git.kernel.org/stable/c/ec18520f5edc20a00c34a8c9fdd6507c355e880f
- https://git.kernel.org/stable/c/fd9d2d6124c293e40797a080adf8a9c237efd8b8
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21871.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-21871
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2Fixed3eb4911364c764572e9db4ab900a57689a54e8ceFixed0180cf0373f84fff61b16f8c062553a13dd7cfcaFixedc0a9a948159153be145f9471435695373904ee6dFixedec18520f5edc20a00c34a8c9fdd6507c355e880fFixedd61cc1a435e6894bfb0dd3370c6f765d2d12825dFixedfd9d2d6124c293e40797a080adf8a9c237efd8b8Fixed21234efe2a8474a6d2d01ea9573319de7858ce44Fixed70b0d6b0a199c5a3ee6c72f5e61681ed6f759612
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.12.0Fixed5.4.291
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.235
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.179
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.130
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.80
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.17
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.13.5