CVE-2025-22010

April 10, 2025, 1:15 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. When a large buffer (e.g. MR over 100GB) is being allocated, it may require a considerable loop count. This will lead to soft lockup: watchdog: BUG: soft lockup - CPU#27 stuck for 22s! ... Call trace: hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2] hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2] hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2] alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2] hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x118/0x290 watchdog: BUG: soft lockup - CPU#35 stuck for 23s! ... Call trace: hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2] mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2] hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2] alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2] hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x120/0x2bc Add a cond_resched() to fix soft lockup during these loops. In order not to affect the allocation performance of normal-size buffer, set the loop count of a 100GB MR as the threshold to call cond_resched().

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.14

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-667
Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.14 rc1 / / / / / /
o linux linux_kernel 6.14 rc2 / / / / / /
o linux linux_kernel 6.14 rc3 / / / / / /
o linux linux_kernel 6.14 rc4 / / / / / /
o linux linux_kernel 6.14 rc5 / / / / / /
o linux linux_kernel 6.14 rc6 / / / / / /
o linux linux_kernel 6.14 rc7 / / / / / /

References

https://git.kernel.org/stable/c/13a52f6c9ff99f7d88f81da535cb4e85eade662b
https://git.kernel.org/stable/c/25655580136de59ec89f09089dd28008ea440fc9
https://git.kernel.org/stable/c/4104b0023ff66b5df900d23dbf38310893deca79
https://git.kernel.org/stable/c/461eb4ddede266df8f181f578732bb01742c3fd6
https://git.kernel.org/stable/c/975355faba56c0751292ed15a90c3e2c7dc0aad6
https://git.kernel.org/stable/c/9ab20fec7a1ce3057ad86afd27bfd08420b7cd11
https://git.kernel.org/stable/c/efe544462fc0b499725364f90bd0f8bbf16f861a

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-667
2025-04-08
CVE-2025-22010

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: April 8, 2025, 9:15 a.m.
Last Modified: April 10, 2025, 1:15 p.m.

Status : Modified

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.