CVE-2025-21694

Feb. 14, 2025, 3:46 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore (part 2) Since commit 5cbcb62dddf5 ("fs/proc: fix softlockup in __read_vmcore") the number of softlockups in __read_vmcore at kdump time have gone down, but they still happen sometimes. In a memory constrained environment like the kdump image, a softlockup is not just a harmless message, but it can interfere with things like RCU freeing memory, causing the crashdump to get stuck. The second loop in __read_vmcore has a lot more opportunities for natural sleep points, like scheduling out while waiting for a data write to happen, but apparently that is not always enough. Add a cond_resched() to the second loop in __read_vmcore to (hopefully) get rid of the softlockups.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.13

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.13 rc1 / / / / / /
o linux linux_kernel 6.13 rc2 / / / / / /
o linux linux_kernel 6.13 rc3 / / / / / /
o linux linux_kernel 6.13 rc4 / / / / / /
o linux linux_kernel 6.13 rc5 / / / / / /
o linux linux_kernel 6.13 rc6 / / / / / /
o linux linux_kernel 6.13 rc7 / / / / / /

References

https://git.kernel.org/stable/c/649b266606bc413407ce315f710c8ce8a88ee30a
https://git.kernel.org/stable/c/65c367bd9d4f43513c7f837df5753bea9561b836
https://git.kernel.org/stable/c/80828540dad0757b6337c6561d49c81038f38d87
https://git.kernel.org/stable/c/80da29deb88a3a907441fc35bb7bac309f31e713
https://git.kernel.org/stable/c/84c4ed15626574c9ac6c1039ba9c137a77bcc7f2
https://git.kernel.org/stable/c/a5a2ee8144c3897d37403a69118c3e3dc5713958
https://git.kernel.org/stable/c/cbc5dde0a461240046e8a41c43d7c3b76d5db952

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD-CWE-noinfo
2025-02-12
CVE-2025-21694

CVSS Score

5.5 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Date

  • Published: Feb. 12, 2025, 2:15 p.m.
  • Last Modified: Feb. 14, 2025, 3:46 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.