CVE-2025-21851

LOW

Linux Kernel - Denial of Service via Unaligned Address in arena_map_free

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start(). If this address is not page-aligned the code ends up calling apply_to_pte_range() with that unaligned address causing soft lockup. Fix it by round up GUARD_SZ to PAGE_SIZE << 1 so that the division by 2 in bpf_arena_get_kern_vm_start() returns a page-aligned value.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/c1f3f3892d4526f18aaeffdb6068ce861e793ee3

Patch

https://git.kernel.org/stable/c/787d556a3de447e70964a4bdeba9196f62a62b1e

Patch

https://git.kernel.org/stable/c/517e8a7835e8cfb398a0aeb0133de50e31cae32b

Scores

CVSS v3 3.3

EPSS 0.0014

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-667

Status published

Products (13)

linux/Kernel 6.13.0 - 6.13.5linux

linux/Kernel 6.9.0 - 6.12.17linux

Linux/Linux < 6.9

Linux/Linux 317460317a02a1af512697e6e964298dedd8a163 - 517e8a7835e8cfb398a0aeb0133de50e31cae32b

Linux/Linux 317460317a02a1af512697e6e964298dedd8a163 - 787d556a3de447e70964a4bdeba9196f62a62b1e

Linux/Linux 317460317a02a1af512697e6e964298dedd8a163 - c1f3f3892d4526f18aaeffdb6068ce861e793ee3

Linux/Linux 6.12.17 - 6.12.*

Linux/Linux 6.13.5 - 6.13.*

Linux/Linux 6.14

Linux/Linux 6.9

... and 3 more

Published Mar 12, 2025

Tracked Since Feb 18, 2026